- Apr 24, 2016
The cybersecurity firm FireEye (FEYE) said Tuesday that it had come under cyberattack by "highly sophisticated" actors likely sponsored by a nation-state, in a rare and extremely serious instance of a mainstream security vendor being compromised. The hack could even give the perpetrators the means to launch attacks against other targets.
In an investor disclosure, FireEye said the attack was highly customized to target FireEye's systems and is unlike any the company has responded to in the past.
"Based on his 25 years in cyber security and responding to incidents, Kevin Mandia, our Chief Executive Officer, concluded we are witnessing an attack by a nation with top-tier offensive capabilities," the SEC filing said.
The attacker accessed "certain Red Team assessment tools that we use to test our customers' security," the disclosure continued, implying that many of FireEye's clients, including its government customers, could be indirectly affected by the breach. "We are proactively releasing methods and means to detect the use of our stolen Red Team tools. We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them. Nevertheless, out of an abundance of caution, we have developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools."
In a blog post, Mandia said FireEye is working with the FBI and other forensic partners, including Microsoft (MSFT).
"Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques," Mandia wrote.
Mandia added that the attackers tried to access information "related to certain government customers," but that the company has no evidence yet that customer information has been stolen.
None of the stolen cybersecurity tools contained so-called zero-day exploits, Mandia said. Zero-day vulnerabilities are software vulnerabilities that have never been publicly identified or patched, and can be extremely dangerous if weaponized by malicious actors.
Mike Chapple, a cybersecurity expert at the University of Notre Dame and a former National Security Agency official, called the FireEye breach "an extraordinarily significant attack."
"As one of the world's go-to cybersecurity firms, FireEye has a ringside seat for some of the most sophisticated breaches carried out worldwide," Chapple said. "The impact of this breach remains to be seen and depends upon the motivation of the attackers. We might see them go public in an attempt to monetize their work by selling exploits. On the other hand, they might remain in the shadows, stealthily using their new tools to compromise high-value systems."
Shares of FireEye fell more than 7% in after-hours trading Tuesday following the disclosure.