FireEye is the cybersecurity company of choice for a number of U.S. federal agencies and states and works with the FBI and National Security Agency.
By Kevin Collier and Ken Dilanian
FireEye, a major U.S. cybersecurity company with extensive government contracts, has been hacked by a foreign country, it said Tuesday.
In a company blog post, CEO Kevin Mandia called it “an attack by a nation with top-tier offensive capabilities.”
In a rare emailed statement, Matt Gorham, assistant director of the FBI’s Cyber Division, said that the agency “is investigating the incident and preliminary indications show an actor with a high level of sophistication consistent with a nation-state.”
FireEye works with a number of U.S. federal agencies and states, including the FBI and the National Security Agency. The hackers’ primary goal appeared to be stealing information on FireEye’s government clients, Mandia said.
He did not attribute the attack to a particular country, a somewhat surprising decision considering his company pioneered the now relatively common practice of attributing hacks to elite hacker groups and naming the country employing them.
It was unclear exactly how much customer information was accessed, though Mandia said the hackers were able to get an ancillary prize: the tools used by the company’s Red Team, the section tasked with creating ways to hack into its clients in order to anticipate how to defend against new attacks.
As a result, Mandia said, the company has made countermeasures against those tools publicly available.
Rep. Adam Schiff, D-Calif., the chairman of the House Permanent Select Committee on Intelligence, said in a statement that he has asked “relevant intelligence agencies to brief the Committee in the coming days about this attack, any vulnerabilities that may arise from it, and actions to mitigate the impacts.”
“Foreign actors have not stopped attacking our country and its critical and cybersecurity infrastructure since 2016,” Schiff said. “In fact, they’ve continued, grown more sophisticated and only have to succeed once, while the U.S. government and companies alike have to pitch a perfect game. This news about FireEye is especially concerning because reportedly a nation-state actor made off with advanced tools that could help them mount future attacks.”
Priscilla Moriuchi, a fellow at Harvard University’s Belfer Center for Science and International Affairs and a specialist on state-sponsored cyber operations, said that FireEye’s technical scope and government work have long made it a ripe target for elite government hackers.
“FireEye and other cybersecurity vendors have been actively targeted by nation-state hackers for years,” she said.
The hack echoes other attacks in recent years, like the 2018 theft of elite NSA tools by an otherwise unknown entity calling itself the Shadow Brokers. The group leaked some of them to the public, leading to devastating ransomware attacks around the world.
James Andrew Lewis, director of the strategic technologies program at the Center for Strategic and International Studies, a think tank in Washington, said that hacking FireEye could open up opportunities to hack many of its clients.
“Hacking a cyber security company is a great way to get around a customer’s defense,” Lewis said in an email. “The Russians may hold a grudge against FireEye. This is where private intelligence companies are at a disadvantage compared to governments.”