Skip to main content
Publish date:

Cybersecurity Firm FireEye Says It Was Hacked, Suspects State Actor

Cybersecurity-solutions provider FireEye says it was hacked, with the intruders stealing tools that some of its staff use to protect data.
Author:

Cybersecurity-solutions provider FireEye  (FEYE) - Get FireEye, Inc. Report said it was hacked, with the intruders stealing tools that some of its security officials use to protect data.

The Milpitas, Calif., company called the hackers a "highly sophisticated state-sponsored adversary."

It did not identify the country that it suspects, but a person familiar with the matter told The Wall Street Journal that investigators consider Russia the most likely suspect.

"I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities," Chief Executive Kevin Mandia said in a blog post on the company website.

He said the attackers "tailored their world-class capabilities specifically to target and attack FireEye. ... They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”

He said the company was "actively investigating in coordination with the Federal Bureau of Investigation and other key partners, including Microsoft."  (MSFT) - Get Microsoft Corporation (MSFT) Report

And Mandia said that [consistent] with a nation-state cyberespionage effort, the attacker primarily sought information related to certain government customers.

TheStreet Recommends

"While the attacker was able to access some of our internal systems, at this point in our investigation we have seen no evidence that the attacker exfiltrated data from our primary systems that store customer information from our incident response or consulting engagements, or the metadata collected by our products in our dynamic threat intelligence systems.

"If we discover that customer information was taken, we will contact them directly."

FireEye said it did not know "whether the attacker intends to use the stolen tools themselves or publicly disclose them."

It said it was releasing "hundreds of countermeasures ... to enable the broader security community to protect themselves against these tools."

It has "incorporated the countermeasures" into its products "and shared these countermeasures with partners, government agencies [to] significantly limit the ability of the bad actor to exploit" the tools.

FireEye said it had not "seen these tools disseminated or used by any adversaries, and we will continue to monitor for any such activity along with our security partners."

Shares of FireEye fell $1.07, or 6.9%, to $14.45 in after-hours trading.