“We were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack,” Kevin Mandia, chief executive officer, said in the post. “We are not sure if the attacker intends to use our Red Team tools or to publicly disclose them.”
Mandia added that the hacker was likely “a nation with top-tier offensive capabilities” which used “novel techniques” to steal the firm’s proprietary tool kit. The tool kit mimics the behavior of many threat actors and is used for diagnostic purposes, he said.
He also added that as a cautionary measure FireEye has “developed more than 300 countermeasures for our customers, and the community at large, to use in order to minimize the potential impact of the theft of these tools.”
It’s uncertain when the hack took place, but sources told Reuters that FireEye has spent the past two weeks resetting user passwords. Aside from tools, the fraudsters were also apparently after data from the many government agencies that are clients of FireEye. The company has cybersecurity clients across the national security space in the U.S., reports Reuters.
“We have asked the relevant intelligence agencies to brief the Committee in the coming days about this attack, any vulnerabilities that may arise from it, and actions to mitigate the impacts,” Rep. Adam Schiff (D-California), chairman of the House Intelligence Committee, told Reuters.
FireEye said in March that it suspected that China was responsible for numerous cyberspying incidents that started in January, about the time the coronavirus started spreading there. Over 75 of FireEye’s customers are media firms, healthcare organizations, manufacturers and nonprofits.