
FireEye says it was breached by state-backed hackers

December 9, 2020

The US cybersecurity firm said it was hacked by sophisticated attackers who stole "Red Team" tools used to test customers' computer systems. It believes the attack was state-sponsored.

The hackers primarily sought information related to 'government customers,' FireEye says. Image: picture-alliance/dpa/N. Armer

US cybersecurity firm FireEye on Tuesday said it was hacked by what could only be a nation-state with "world-class capabilities."

A blog post by the company revealed that the hackers stole tools the company uses to test the strength of customers' defenses.

"I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities," FireEye CEO Kevin Mandia said in a statement. "This attack is different from the tens of thousands of incidents we have responded to throughout the years."

"The attackers tailored their world-class capabilities specifically to target and attack FireEye," Mandia explained. "They used a novel combination of techniques not witnessed by us or our partners in the past."

'Red Team' hacked

FireEye said that so far it did not appear any customer data was stolen in the attack. The attacker primarily sought information related to the company's government customers, FireEye said.

It also targeted and accessed the firm's 'Red Team' tools which "mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers," the cybersecurity firm said.

Shares of FireEye dropped 8% after hours following reports of the breach.

The Silicon Valley-based firm counts many US state and local governments among its customers. The company was at the forefront of investigating cyberattacks from Russian groups that attempted to breach many of the state governments that administer the US election.

The stolen tools could be dangerous in the wrong hands, but FireEye said it had developed and made available more than 300 countermeasures to protect its customers and others against the potential use of those tools.

US federal agencies join probe

The company said that it was investigating the breach with the help of US federal agencies and industry partners, including tech giant Microsoft, which has its own cybersecurity team.

"Their initial analysis supports our conclusion that this was the work of a highly sophisticated state-sponsored attacker utilizing novel techniques," CEO Mandia said.

The US Cybersecurity and Infrastructure Security Agency said Tuesday that it had not received any information about FireEye's stolen tools being maliciously used.

However, it warned that "unauthorized third-party users could abuse these tools to take control of targeted systems."

The FBI cyber division's assistant director, Matt Gorham, said "preliminary indications show an actor with a high level of sophistication consistent with a nation-state" was involved.

The federal government is "focused on imposing risk and consequences on malicious cyber actors, so they think twice before attempting an intrusion in the first place," Gorham said.

US spy agencies have been asked to brief the House Permanent Select Committee on Intelligence about the cyberattack in the coming days, according to chairman Adam Schiff.

"Foreign actors have not stopped attacking our country and its critical and cybersecurity infrastructure since 2016," Schiff said.

The Democrat from California said it was troubling that the hackers stole from FireEye tools that could be used in future attacks.

adi/rt (AP, AFP, Reuters)