Prominent U.S. cybersecurity firm FireEye says it has recently been targeted by hackers with “world-class capabilities,” believing that the hacking was state-sponsored.
In a blog post on December 8, FireEye CEO Kevin Mandia said the hackers broke into its network and stole tools used for testing customers' security.
"The attacker primarily sought information related to certain government customers," Mandia wrote, without naming them.
The blog post did not say when the attack was detected. It said the company is investigating the hack with the FBI.
Matt Gorham, assistant director of the FBI's cyberdivision, said the hackers' “high level of sophistication [was] consistent with a nation state.”
Cybersecurity experts say sophisticated nation-state hackers could modify the stolen “red team” tools and wield them in the future against government or industry targets.
Many in the cybersecurity community suspect Russia for the hack, including Jake Williams, president of cybersecurity firm Rendition Infosec.
"I do think what we know of the operation is consistent with a Russian state actor," Williams said. "Whether or not customer data was accessed, it’s still a big win for Russia."
FireEye is a California-based firm used by companies and governments throughout the world to protect them from hacking.
The company has been at the forefront of investigating state-backed hacking groups and played a key role in identifying Russia as the protagonist in numerous hacks, including the attacks in 2015 and 2016 on Ukraine’s energy grid.
Mandia said he had concluded that "a nation with top-tier offensive capabilities” was behind the attack.
The attackers “tailored their world-class capabilities specifically to target and attack FireEye,” using “a novel combination of techniques not witnessed by us or our partners in the past," the blog said.
The hack was said to be the biggest blow to the U.S. cybersecurity community since hackers in 2016 released hacking tools stolen from the National Security Agency (NSA).
The United States believes Russia and North Korea capitalized on the stolen tools to unleash global cyberattacks.