Cybersecurity firm FireEye says that it was hacked by a nation-state attacker who made off with many of its hacking tools and data related to government clients.
California-based FireEye disclosed the breach on Thursday, stating that it was carried out by a “highly sophisticated state-sponsored adversary.”
The attackers reportedly stole Red Team tools that FireEye uses to detect and exploit weaknesses in computer systems in order to better defend them. Additionally, the attack targeted data primarily related to “certain government customers,” The Washington Post reported.
Those government targets did not necessarily include ones in the U.S., sources said. Additionally, FireEye CEO Kevin Mandia said that the attackers didn’t appear to remove data from the systems storing customer information.
Although FireEye didn’t specifically attribute the attack to anyone, sources told The Washington Post that the attackers were tied likely to Russian intelligence.
The attack appeared to be tailor-made to target FireEye itself using methods that “counter security tools and forensic examination.” Mandia added that they “used a novel combination of techniques not witnessed by us or our partners in the past.”
According to WaPo, the attack compromised a significant number of — but not all — of the team’s Red Team tools. Those tools are the kind used in penetration tests to identify and shore up weaknesses in a client’s cyber defenses.
FireEye maintains that none of the tools relied on zero-day exploits, and were instead modeled on known attacks and exploits. Some of the tools were existing scripts modified to evade detection, while others were built in-house by FireEye’s Red Team staff. The company says it doesn’t know whether the attacks stole the tools to use them, or publicly disclose them. To date, Mandia said that FireEye has seen no evidence that the stolen tools have been used in the wild.
To mitigate the threat of those tools, however, FireEye is providing more than 300 countermeasures…