U.S. cybersecurity group FireEye said on Tuesday it had suffered a major cyberattack, likely led by state-sponsored hackers, who stole powerful hacking tools the company uses to test customer systems.
Shares of the Silicon Valley company fell nearly 8% in after-hours trading after it detailed what it believed to be a carefully targeted operation.
The company said the attackers had gained access to its internal systems and “were primarily looking for information relating to certain government customers,” but did not appear to have stolen customer data.
The attackers succeeded in obtaining the tools used by FireEye’s “red team”, a group of staff who hack into customer networks in order to expose vulnerabilities, the company said.
The company declined to attribute the attack to any country, but said it concluded it was carried out by a “nation with high-level offensive capabilities.”
The news marks a rare and embarrassing example of a well-known cybersecurity vendor being breached itself, and raises the possibility that hackers are now able to use the red team’s tools to attack others.
FireEye said it had no evidence that the stolen tools were used by attackers, but published more than 300 “countermeasures” to help its customers and others protect themselves.
It added that none of the stolen tools contained so-called zero-day exploits – weaknesses that have never been publicly identified and for which there are no fixes.
FireEye said it was investigating the hack with help from the FBI and other groups, including Microsoft.
“Based on my 25 years of cybersecurity and incident response, I have concluded that we are witnessing an attack from a country with high level offensive capabilities,” said Kevin Mandia, Managing Director of FireEye.
“This attack is unlike the tens of thousands of incidents we have responded to over the years. They operated clandestinely, using methods that thwart security tools and forensic examinations. They used a new combination of techniques that we or our partners have not seen in the past.”
Matt Gorham, deputy director of the FBI’s cyber division, said the agency was investigating the incident and found the level of sophistication to be “consistent with a nation state.”
Additional reporting by Kadhim Shubber in Washington