Top cybersecurity firm hit by ‘state-sponsored’ hacking
‘We are witnessing an attack by a nation with top-tier offensive capabilities,’ says FireEye CEO
A leading US cybersecurity company has been hacked, likely by a foreign government with “top-tier offensive capabilities”.
FireEye, which has been responsible for helping governments and businesses respond to some of the most sophisticated cyber attacks, said it had itself been targeted by attackers with "world-class" expertise who broke into its network and accessed hacking tools.
The company described the attack as a “nation-state cyber-espionage effort” during which “the attacker was able to access some of our internal systems”.
The stolen tools, so-called “red-team” tools used to test customers’ security, could be dangerous in the wrong hands: cybersecurity experts warn that sophisticated nation-state hackers could deploy them in future against political or corporate targets.
FireEye CEO Kevin Mandia wrote in a blog post: “We were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack.
"I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities," Mr Mandia added, deeming it "different from the tens of thousands of incidents we have responded to throughout the years."
He said those responsible “primarily sought information related to certain government customers”.
In recent years the California-based company has responded to data breaches suffered by Sony and Equifax and helped Saudi Arabia thwart an oil industry cyberattack.
FireEye has also played a key role in identifying Russia as the lead actor in numerous hackings, though the company did not comment on specifically who might be responsible this time.
An investigation into the attack has been launched in coordination with the FBI and others including Microsoft, which has its own cybersecurity team.
Mr Mandia said the hackers used "a novel combination of techniques not witnessed by us or our partners in the past" but that FireEye had so far seen no evidence that any attacker has used the stolen red-team tools.
The company said it had developed more than 300 countermeasures for its customers to use in order to minimise the potential impact of the theft of the tools.
Matt Gorham, assistant director of the FBI's cyber division, said the hackers' “high level of sophistication [was] consistent with a nation state”.
Many in the cybersecurity community suspect Russia.
Jake Williams, a former NSA hacker, told Reuters: "I do think what we know of the operation is consistent with a Russian state actor. Whether or not customer data was accessed, it's still a big win for Russia."
It is not clear exactly when the hack initially took place, but a person familiar with the events told Reuters that FireEye had been resetting user passwords over the past two weeks.
The stolen toolkit targets vulnerabilities in popular software products, but Mr Mandia said none of the stolen tools exploited so-called “zero-day vulnerabilities”, meaning the relevant flaws should already be in the public domain.
The hack was the most significant breach of a major cybersecurity firm since 2016 when a mysterious group known as the "Shadow Brokers" released high-level hacking tools stolen from the National Security Agency.
North Korea and Russia were suspected of having used that stolen information to launch devastating global cyberattacks.