US cybersecurity firm FireEye hit by 'state-sponsored' attack

FireEye did not say when the attack happened.

US cybersecurity firm FireEye says it has recently been attacked by a "highly sophisticated threat actor" and believes the hack was state-sponsored.

"The attacker primarily sought information related to certain government customers," he wrote.

The blog did not say who might have carried out the attack. The firm and the FBI are investigating the hack.

FireEye's share price plunged following the company's acknowledgement of the hack.

What did FireEye say?

"Based on my 25 years in cyber security and responding to incidents, I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities," Mr Mandia said in Tuesday's blog, adding that the hack was "different from the tens of thousands of incidents we have responded to throughout the years".

"The attackers tailored their world-class capabilities specifically to target and attack FireEye.

"They used a novel combination of techniques not witnessed by us or our partners in the past," the blog said.

California-based FireEye was set up in 2004. It specialises in investigating attacks in cyberspace against companies throughout the world.

It is being described as one of the fastest-growing firms in the industry.

Mr Mandia began his career in the US Air Force investigating the first major cyber attack on America's defence secrets by another state, the BBC's security correspondent Gordon Corera reports.

In that case, our correspondent says, the Russians were responsible and, even though Mr Mandia does not name names, Russia may well be the prime suspect this time.

Shiver down the spines

FireEye is a highly regarded outfit used by companies and governments around the world to protect them from hacking.

So when the defenders themselves get hacked it sends a shiver down the spines of security experts.

It isn't the first time a major cyber-security company has been hacked - but what is concerning here is that FireEye's so-called "Red Team" hacking weapons have been stolen.

Like many cyber-security firms, FireEye has an offensive division that can be hired by companies and governments to carry out mock cyber attacks to help an organisation improve its defences.

FireEye says its hacking tool chest has been plundered, meaning that the thieves now have a potent collection of new techniques to draw upon.

This has also happened before in the infamous Shadow Broker leaks in which hackers stole and shared cyber weapons developed by the US National Security Agency. This resulted in successful and devastating attacks on businesses and civilians all over the world.

The saving grace here, perhaps, is that FireEye knows exactly what hacking tools it had and, hopefully, how to defend against them.

The race is on to get the warnings out there before the hackers take advantage.
