US cyber security firm FireEye has admitted to being a victim of a “nation-state” cyber attack.
According to the company, a "highly sophisticated threat actor" accessed its internal network and stole several “red team tools”, used to imitate real-world attacks and test customers’ networks. CEO Kevin Mandia said the attack was different from the “tens of thousands of incidents” FireEye has responded to over the years.
“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” he said in the post.
"The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
FireEye has over 9,000 customers across 103 countries, including many in the national security space.
As a precaution, the company has now launched 300 countermeasures for customers in the event of the hackers using the stolen Red Team tools, although they have not done so far. It is now working with the US’ Federal Bureau of Investigation and other partners, including Microsoft.
“Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilising novel techniques,” Mandia added.