
U.S. Cybersecurity Firm FireEye Hit By 'Nation-State' Attack, Russia Suspected


The company has been at the forefront of investigating state-backed hacking groups, including from Russia, North Korea, and Iran. (file photo)

Prominent U.S. cybersecurity firm FireEye says it has recently been targeted by hackers with “world-class capabilities” and believes the hacking was state-sponsored.

In a blog post on December 8, FireEye CEO Kevin Mandia said the hackers broke into its network and stole tools used for testing customers' security.

"The attacker primarily sought information related to certain government customers," Mandia wrote, without naming them.

The blog post did not say when the attack was detected. It said the company is investigating the hack with the FBI.

Matt Gorham, assistant director of the FBI's cyberdivision, said the hackers' “high level of sophistication [was] consistent with a nation state.”

Cybersecurity experts say sophisticated nation-state hackers could modify the stolen “red team” tools and wield them in the future against government or industry targets.

Many in the cybersecurity community suspect Russia of being behind the hack, including Jake Williams, president of cybersecurity firm Rendition Infosec.

"I do think what we know of the operation is consistent with a Russian state actor," Williams said. "Whether or not customer data was accessed, it’s still a big win for Russia."

FireEye is a California-based firm used by companies and governments throughout the world to protect them from hacking.

The company has been at the forefront of investigating state-backed hacking groups and played a key role in identifying Russia as the protagonist in numerous hacks, including the attacks in 2015 and 2016 on Ukraine’s energy grid.

Mandia said he had concluded that “a nation with top-tier offensive capabilities” was behind the attack.

The attackers “tailored their world-class capabilities specifically to target and attack FireEye,” using “a novel combination of techniques not witnessed by us or our partners in the past,” the blog said.

The hack was said to be the biggest blow to the U.S. cybersecurity community since hackers in 2016 released hacking tools stolen from the National Security Agency (NSA).

The United States believes Russia and North Korea capitalized on the stolen tools to unleash global cyberattacks.

With reporting by AP and the BBC

    RFE/RL

    RFE/RL journalists report the news in 27 languages in 23 countries where a free press is banned by the government or not fully established. We provide what many people cannot get locally: uncensored news, responsible discussion, and open debate.
