Attackers breach cybersecurity firm FireEye, steal hacking tools

Credit: Malcolm Owen, AppleInsider


Cybersecurity firm FireEye says that it was hacked by a nation-state attacker who made off with many of its Red Team hacking tools and sought data related to its government clients.

California-based FireEye disclosed the breach on Tuesday, stating that it was carried out by a "highly sophisticated state-sponsored adversary."

The attackers reportedly stole Red Team tools, the toolkit FireEye's penetration testers use to find and exploit weaknesses in client systems so that those weaknesses can be fixed. The attackers also targeted data primarily related to "certain government customers," The Washington Post reported.

Those government customers were not necessarily U.S. ones, sources said. FireEye CEO Kevin Mandia added that the attackers did not appear to have removed data from the systems storing customer information.

Although FireEye didn't attribute the attack to anyone specific, sources told The Washington Post that the attackers were likely tied to Russian intelligence.

The attack appeared to be tailor-made for FireEye itself, using methods that "counter security tools and forensic examination." Mandia added that the attackers "used a novel combination of techniques not witnessed by us or our partners in the past."

According to WaPo, the attackers obtained a significant number, but not all, of FireEye's Red Team tools. Those are the tools used in penetration tests to identify and shore up weaknesses in a client's cyber defenses.

FireEye maintains that none of the tools rely on zero-day exploits; they are instead modeled on known attacks and publicly documented exploits. Some of the tools are existing scripts modified to evade detection, while others were built in-house by FireEye's Red Team staff. The company says it doesn't know whether the attackers stole the tools to use them or to disclose them publicly. To date, Mandia said, FireEye has seen no evidence that the stolen tools have been used in the wild.

Although not strictly focused on Apple products, FireEye has identified vulnerabilities in Apple's products in the past. It also makes security tools and software for macOS and other Apple platforms.

To mitigate the threat posed by the stolen tools, FireEye is providing more than 300 countermeasures to its customers and the wider community, released publicly as detection signatures (including Snort, YARA and ClamAV rules) on GitHub, so defenders can detect the tools if they are used against their networks.

The FBI is investigating the attack, and Microsoft is assisting FireEye in its own investigation.