Sophisticated hackers have turned the tables on FireEye, one of the world’s premier cybersecurity firms, stealing digital tools that it uses to test its customers’ cyber defenses.
The New York Times said the “stunning theft,” which FireEye disclosed on Tuesday, was “akin to bank robbers who, having cleaned out local vaults, then turned around and stole the FBI’s investigative tools.”
“The hack of a premier cybersecurity firm demonstrates that even the most sophisticated companies are vulnerable to cyberattacks,” said Sen. Mark Warner, the ranking Democrat on the Senate Intelligence Committee.
FireEye CEO Kevin Mandia said in a blog post that the company believes the attackers were sponsored by “a nation with top-tier offensive capabilities” and used “a novel combination of techniques not witnessed by us or our partners in the past” to access “certain Red Team assessment tools that we use to test our customers’ security.”
“Consistent with a nation-state cyber-espionage effort, the attacker primarily sought information related to certain government customers,” he reported.
According to the Times, FireEye “has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be.”
The firm’s Red Team tools mimic the behavior of many cyber threat actors and enable FireEye to provide diagnostic security services to its customers. The hack was the largest known theft of cybersecurity tools since a group called ShadowBrokers attacked the National Security Agency in 2006.
Experts said the thieves could use the Red Team tools to hide their own tracks when they launch future attacks. But Mandia said FireEye had seen no evidence to date that any attacker has used them.
“We have learned and continue to learn more about our adversaries as a result of this attack,” he said.
Mike Chapple, a cybersecurity expert at the University of Notre Dame and a former National Security Agency official, called the FireEye breach “an extraordinarily significant attack.”
“As one of the world’s go-to cybersecurity firms, FireEye has a ringside seat for some of the most sophisticated breaches carried out worldwide,” he told CNN Business.