FireEye, one of the world's largest security firms, said today it was hacked and that a “highly sophisticated threat actor” accessed its internal network and stole hacking tools FireEye uses to test the networks of its customers.
In a press release today, FireEye CEO Kevin Mandia said the threat actor also searched for information related to some of the company’s government customers.
Mandia described the attacker as a “highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.”
“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Mandia said in a statement released after markets closed.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” the FireEye top exec added.
“The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus.
“They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
Microsoft confirms nation-state attribution
FireEye said its assessment was confirmed by Microsoft, which the company brought in to help investigate the breach.
The Federal Bureau of Investigation was also notified and is currently assisting the company, a major government contractor.
Because FireEye believes the attackers got their hands on its custom penetration testing tools, the company is now sharing indicators of compromise (IOCs) on its GitHub account. These IOCs can help other companies detect if hackers used any of FireEye’s stolen tools to breach their networks.
But despite the gloomy news, FireEye is not the first major security firm that got hacked by a nation-state group. Kaspersky disclosed a similar breach in 2015; RSA Security was also hacked in 2011 by a nation-state actor later linked to China; and Avast got hacked twice, the first time in 2017, and again in 2019.
On Twitter, top executives from security firms CrowdStrike and Dragos showed their support for FireEye and Mandia.
With the FireEye breach news coming out, it’s important to remember that no one is immune to this. Many security companies have been successfully compromised over the years, including Symantec, Trend, Kaspersky, RSA and Bit9 1/
— Dmitri Alperovitch (@DAlperovitch) December 8, 2020
Going to be a lot of folks that dunk on FireEye for this but from my quick review they found it themselves and self disclosed. Everyone gets breached. Kudos to Kevin and the team for detecting and responding well. https://t.co/CxHM375Jbu
— Robert M. Lee (@RobertMLee) December 8, 2020