Skip to main content

FireEye cybersecurity tools compromised in state-sponsored attack

FireEye cybersecurity tools compromised in state-sponsored attack


It says tools use to assess customer security were accessed

Share this story

Illustration by Alex Castro / The Verge

One of the US’s leading cybersecurity firms, FireEye, says it’s been hacked by a state-sponsored attacker. Hackers targeted and accessed the firm’s so-called Red Team tools, which it uses to test customer security and find vulnerabilities. Now there’s concern that the hackers could release these tools publicly or use them to attack others, though there is no evidence that this has happened yet. FireEye says that it does not believe any customer information was taken.

Although the blog post, authored by FireEye CEO Kevin Mandia, does not say who is responsible, it says that the attacking nation has “top-tier offensive capabilities.” The Wall Street Journal reports that Russia is a suspect, specifically its foreign-intelligence service known as the SVR. However, the investigation into who is responsible is ongoing.

“This attack is different from the tens of thousands of incidents we have responded to throughout the years”

“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” Mandia wrote in the post, noting that the attackers “are highly trained in operational security and executed with discipline and focus.” The disclosure did not say when the hack took place or when FireEye became aware of it.

“They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past,” wrote Mandia. FireEye says it’s investigating the hack alongside the Federal Bureau of Investigation, as well as industry partners like Microsoft.

FireEye’s disclosure of the attack, which the WSJ notes caused its shares to drop around 7 percent in after-hours trading, was praised by US Senator Mark Warner, who serves as vice chairman of the Senate Select Committee on Intelligence and co-chairs the Senate Cybersecurity Caucus. “I applaud FireEye for quickly going public with this news, and I hope the company’s decision to disclose this intrusion serves as an example to others facing similar intrusions,” he said, adding that the attack “shows the difficulty of stopping determined nation-state hackers.”

In response to the attack, FireEye said it has developed over 300 countermeasures to help its customers and the cybersecurity community defend against the stolen tools. It’s implemented these countermeasures into its own security products, shared them with “colleagues in the security community,” and is making them publicly available. FireEye intends to share further countermeasures as they become available.