BOSTON (AP) — Prominent United States (US) cybersecurity firm FireEye said on Tuesday that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers, who include federal, state and local governments and top global corporations.
The hackers “primarily sought information related to certain government customers”, FireEye CEO Kevin Mandia said in a statement, without naming them. He said there was no indication they got customer information from the company’s consulting or breach-response businesses or threat-intelligence data it collects.
FireEye is a major cybersecurity player — it responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack — and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.
Neither Mandia nor a FireEye spokeswoman said when the company detected the hack or who might be responsible. But many in the cybersecurity community suspect Russia.
“I do think what we know of the operation is consistent with a Russian state actor,” said former NSA hacker Jake Williams, president of Rendition Infosec. “Whether or not customer data was accessed, it’s still a big win for Russia.”
FireEye’s Mandia said he had concluded that “a nation with top-tier offensive capabilities” was behind the attack. The stolen “red team” tools — which amount to real-world malware — could be dangerous in the wrong hands. FireEye said there’s no indication they have been used maliciously. But cybersecurity experts said sophisticated nation-state hackers could modify them and wield them in the future against government or industry targets.
The hack was the biggest blow to the US cybersecurity community since a mysterious group known as the “Shadow Brokers” in 2016 released a trove of high-level hacking tools stolen from the National Security Agency. The US believes North Korea and Russia capitalised on the stolen tools to unleash devastating global cyberattacks.
The nation’s Cybersecurity and Infrastructure Security Agency warned that “unauthorised third-party users” could similarly abuse FireEye’s stolen red-team tools.