
Attackers breach cybersecurity firm FireEye, steal hacking tools

Credit: Malcolm Owen, AppleInsider


Cybersecurity firm FireEye says that it was hacked by a nation-state attacker who made off with many of its hacking tools and data related to government clients.

California-based FireEye disclosed the breach on Thursday, stating that it was carried out by a "highly sophisticated state-sponsored adversary."

The attackers reportedly stole Red Team tools that FireEye uses to detect and exploit weaknesses in computer systems in order to better defend them. Additionally, the attack targeted data primarily related to "certain government customers," The Washington Post reported.

Those government targets did not necessarily include ones in the U.S., sources said. Additionally, FireEye CEO Kevin Mandia said that the attackers didn't appear to remove data from the systems storing customer information.

Although FireEye didn't specifically attribute the attack to anyone, sources told The Washington Post that the attackers were likely tied to Russian intelligence.

The attack appeared to be tailor-made to target FireEye itself using methods that "counter security tools and forensic examination." Mandia added that they "used a novel combination of techniques not witnessed by us or our partners in the past."

According to WaPo, the attack compromised a significant number of, but not all of, the team's Red Team tools. Those tools are the kind used in penetration tests to identify and shore up weaknesses in a client's cyber defenses.

FireEye maintains that none of the tools relied on zero-day exploits; they were instead modeled on known attacks and exploits. Some of the tools were existing scripts modified to evade detection, while others were built in-house by FireEye's Red Team staff. The company says it doesn't know whether the attackers stole the tools to use them or to publicly disclose them. To date, Mandia said, FireEye has seen no evidence that the stolen tools have been used in the wild.

Although not strictly focused on Apple products, FireEye has identified exploits in the company's products in the past. It also makes security tools and software for macOS and other Apple platforms.

To mitigate the threat of those tools, however, FireEye is providing more than 300 countermeasures to its customers to help shield them from attacks.

The FBI is investigating the attack, and Microsoft is assisting FireEye in its own investigation.



10 Comments

lkrupp 19 Years · 10521 comments

If the Russians and Chinese are doing this just think of what the CIA/NSA/Israel are doing.

alanh 14 Years · 74 comments

Released the info on Thursday? How come this was on UK BBC news a couple of days ago...?

charlesatlas 9 Years · 401 comments

alanh said:
Released the info on Thursday? How come this was on UK BBC news a couple of days ago...?

Just a typo by Mike Petersen. The press release he links to is dated Tuesday.

Doesn't look good for FireEye, though. You'd think a cybersecurity firm would be able to secure their own systems. If I were a current client, I'd be looking elsewhere.

jimh2 8 Years · 670 comments

I’d say this is not good for business. Who would hire a company that has been hacked to protect them?