FireEye cyber tools stolen in 'state-sponsored' attack

The company's chief executive officer wrote in a blog post that an initial investigation suggests the attackers were likely backed by an adversarial nation.

FireEye announced today it was victim to a "sophisticated" cyber attack which it believes was a state-sponsored attempt to steal the company's tools it uses to assess its customers' cybersecurity, according to a Dec. 8 blog post by CEO Kevin Mandia.

Mandia's post does not name a specific country as a suspect, but says FireEye is working with both Microsoft and the FBI to investigate the incident. Reports in the New York Times, the Washington Post and the Wall Street Journal indicate that a Russian intelligence service is a likely suspect.

"The attackers tailored their world-class capabilities specifically to target and attack FireEye," according to Mandia. "They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past," he continued.

The investigation so far has found the attackers gained accessed to the company's red team assessment tools. "None of the tools contain zero-day exploits," Mandia added.

He also wrote that it is not clear whether the attackers plan to use or publish the tools, but the company is making countermeasures to the red team tools available on GitHub.

Mandia wrote that the attackers sought information about the company's government customers, which he said is in line with the actions of a "nation-state cyber-espionage effort." The company so far has "seen no evidence that the attacker" stole data from the company's systems that house customer information.

The federal government is a major customer of FireEye. Agency customers past and present include Treasury, the Army and Navy, the Agency for International Development, the Environmental Protection Agency, Health and Human Services, the Department of Justice and more.

FireEye isn't the first cybersecurity vendor to suffer a serious intrusion, according to Crowdstrike co-founder and former chief technology officer Dmitri Alperovich.

"With the Fireeye breach news coming out, it's important to remember that no one is immune to this. Many security companies have been successfully compromised over the years, including Symantec, Trend, Kaspersky, RSA and Bit9," Alperovich said on Twitter. "Security companies are a prime target for nation-state operators for many reasons, but not least of all is ability to gain valuable insights about how to bypass security controls within their ultimate target."

This article first appeared on FCW, a Defense Systems partner site.