Major cybersecurity firm hacked in sophisticated nation-state attack

FireEye, a top cybersecurity firm that has built a reputation for tracking the digital fingerprints in major cyberattacks, has now become a target in a highly sophisticated attack that it says was done by a skilled nation-state.

FireEye acknowledged to The Hill and other news outlets on Tuesday that its own systems were penetrated by “a nation with top-tier offensive capabilities.”

FireEye, a key firm that helped track Russia’s cyberattack on the Democratic National Committee during the 2016 presidential election, did not name who it believes is behind the attack, but its description points to the Kremlin.

FireEye CEO Kevin Mandia wrote in a blog post that “based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities.”

“We were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack,” he wrote.

Mandia noted that FireEye was working with the FBI and “other key partners,” including Microsoft, to investigate the attack.

He wrote that the “initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques.”

The attackers were able to access FireEye’s “Red Team” tools, which are used to test customer security, according to Mandia.

While the company has not yet seen any evidence of the Red Team tools being used by the attackers, “out of an abundance of caution,” FireEye had developed over 300 countermeasures to help minimize the potential impact of use of these tools by the attackers.