Cyber security firm FireEye hacked by foreign government agents

Cybersecurity firm FireEye says it has been hacked by foreign government agents with “top-tier capabilities”.

FireEye has 8,800 customers, including US federal government agencies and more than half of the Forbes Global 2000 list.

The US firm said hackers broke into its network and stole “red team tools”, which it uses to test the defences of its clients.

However, there was no indication that information about customers, breach response, or threat intelligence was stolen.

It is unclear when the hack took place but reports said the company had been resetting user passwords over the past two weeks.

FireEye chief executive Kevin Mandia said: “I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities.

“This attack is different from the tens of thousands of incidents we have responded to throughout the years.”

He added that the hackers “primarily sought information related to certain government customers” and had used “a novel combination of techniques not witnessed by us or our partners in the past”.

Matt Gorham, assistant FBI director for the cyber division, said: “The FBI is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation state.”

Many experts suspect Russia.

Former NSA hacker Jake Williams, president of Rendition Infosec, said: “I do think what we know of the operation is consistent with a Russian state actor.

“Whether or not customer data was accessed, it’s still a big win for Russia.”

Thomas Rid, a cyberconflict scholar at Johns Hopkins, said that if Russia was to blame, it could have been trying to see what FireEye knows about its cyber operations.

The tools stolen do not yet appear to have been used maliciously but could be modified and used against governments or businesses in future.

Cybersecurity expert Dmitri Alperovitch added: “This could have been much worse if their customer data had been hacked and exfiltrated. So far there is no evidence of that.”

California-based FireEye is known for having responded to the Sony and Equifax data breaches and helped Saudi Arabia deal with a cyber attack on its oil industry.

It has also played a major role in identifying Russia as being behind numerous cyber attacks in the past.

Its stock fell more than 7% in after-hours trading on Tuesday following news of the hack.

Mark Gibson

Graduated from Northwestern University, Evanston, Illinois, in 1990. Moved to Los Angeles, California, in 2004. Specialized in Internet journalism.