Cyber security firm FireEye said it was hacked and attackers stole tools the company uses to test the defenses of its customers’ computer networks for potential vulnerabilities. The company’s shares fell 9.8% on the news.
The attackers were a “nation with high-level offensive capabilities,” CEO Kevin Mandia said. He did not identify the country suspected of being behind the attack, but a person familiar with the incident said investigators believed hackers with close ties to the Russian government were behind it.
Hackers “have specifically tailored their world-class capabilities to target and attack FireEye,” Mandia said in a company blog Tuesday. “They are highly skilled in operational safety and executed with discipline and focus.”
The tools used, called “red team tools” in the security community, mimic the behavior of hackers and enable FireEye to provide “diagnostic security services” to customers, Mandia said. He said the company had so far seen no evidence that anyone had used the tools in a cyber attack.
Shares of the company fell to as low as $14.00 in extended trading after closing at $15.52 in New York City. The stock has declined 6.1% this year.
FireEye, based in Milpitas, California, was founded in 2004 and is highly regarded in the cybersecurity community. It is considered one of the companies with enough intelligence and threat expertise to routinely and reliably attribute attacks to high-level hackers, including the governments of Russia, China, Iran and North Korea.
“The FireEye breach is an extremely large attack due to the nature of the target,” said Mike Chapple, professor of computer science, analysis and operations at the Mendoza College of Business at Notre Dame University, in written remarks. “As one of the world’s premier cybersecurity companies, FireEye is the site of some of the most sophisticated breaches in the world. From that perspective, they are able to put together one of the world’s most comprehensive choices of cyber warfare tools to use in their own defensive work.”
The hack was discovered in recent weeks by FireEye when it found a suspicious connection that had gotten past the two-factor authentication requirement on its virtual private network, according to the company. The attackers hacked two dozen US-based IP addresses, none of which were previously detected in a cyber attack – the type of sophisticated tactic that led FireEye to believe that a foreign intelligence service was behind the incident.
“Pursuant to a nation-state cyberespionage effort, the attacker was primarily looking for information relating to certain government clients,” Mandia wrote. He added that although the hackers gained access to “some of our internal systems,” they did not appear to steal customer data.
FireEye is investigating the attack with the FBI and Microsoft Corp. The company is also publishing information that can help neutralize the tools that were stolen.
Matt Gorham, deputy director of the Cyber Division of the FBI, said preliminary indications “show an actor with a high level of sophistication consistent with a nation state.”
“This incident demonstrates why the security industry must work together to defend itself and respond to threats posed by well-funded adversaries using new and sophisticated attack techniques,” Microsoft said in a statement, which also praised FireEye for disclosing the breach.