Firm that's 'usually the first call for cyberattack victims' says it was hacked

Cybersecurity firm FireEye has disclosed it was the victim of cyberattack it believes to have been carried out "by a nation with top-tier offensive capabilities."

The firm made this announcement on Tuesday, with CEO Kevin Mandia saying in a blog post that "we were attacked by a highly sophisticated threat actor, one whose discipline, operational security, and techniques lead us to believe it was a state-sponsored attack." The attacker "primarily sought information related to certain government customers," the firm said. Fireye is "usually the first call for cyberattack victims the world over," The New York Times' Nicole Perlroth wrote.

Though FireEye didn't identify a suspect, the Times reports that the information provided pointed to Russian intelligence agencies, and according to The Wall Street Journal, investigators see Russia as "the most likely culprit."

The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Mandia said the firm, which is investigating with the Federal Bureau of Investigation, found the attackers "accessed certain Red Team assessment tools." Such tools are "used by cybersecurity companies to probe the defenses of their customers and identify possible vulnerabilities that can be attacked," the Journal reports. FireEye hasn't seen evidence that an attacker used the stolen tools, and it has "prepared countermeasures that can detect or block the use" of them, it said.

But former NSA hacker Patrick Wardle explained to the Times that "hackers could leverage FireEye's tools to hack risky, high-profile targets with plausible deniability."