State-sponsored hackers targeted cybersecurity firm FireEye in a recent cyberattack, company CEO Kevin Mandia disclosed in a Dec. 8 statement. The company said it is coordinating with the Federal Bureau of Investigation (FBI) in its investigation of the attack.
The attack was successful in breaching some of the company’s internal systems, but there is no evidence that any customer information was stolen, the company said. The FBI concurred with the company’s conclusion of a state-sponsored attack. In addition to seeking information about FireEye customers, the attack targeted “red team” tools that FireEye uses to test customer security measures.
“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities. This attack is different from the tens of thousands of incidents we have responded to throughout the years. The attackers tailored their world-class capabilities specifically to target and attack FireEye,” Mandia said in the statement.
“They are highly trained in operational security and executed with discipline and focus,” he continued. “They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
Examination of the attack also revealed no unknown exploits that would cause problems before detection, also known as zero-day exploits. In response, the company developed and pushed out 300 countermeasures for its customers.
FireEye said it will continue to monitor for any unauthorized use of any of the red-team tools that the attackers were targeting.