FireEye cyber tools stolen in 'state-sponsored' attack


FireEye announced today it was the victim of a "sophisticated" cyber attack, which it believes was a state-sponsored attempt to steal the tools the company uses to assess its customers' cybersecurity, according to a Dec. 8 blog post by CEO Kevin Mandia.

Mandia's post does not name a specific country as a suspect, but says FireEye is working with both Microsoft and the FBI to investigate the incident. Reports in the New York Times, the Washington Post and the Wall Street Journal indicate that a Russian intelligence service is a likely suspect.

"The attackers tailored their world-class capabilities specifically to target and attack FireEye," according to Mandia. "They are highly trained in operational security and executed with discipline and focus. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past," he continued.

The investigation so far has found that the attackers gained access to the company's red team assessment tools. "None of the tools contain zero-day exploits," Mandia added.

He also wrote that it is not clear whether the attackers plan to use or publish the tools, but the company is making countermeasures to the red team tools available on GitHub.

Mandia wrote that the attackers sought information about the company's government customers, which he said is in line with the actions of a "nation-state cyber-espionage effort." The company so far has "seen no evidence that the attacker" stole data from the company's systems that house customer information.

The federal government is a major customer of FireEye. Agency customers past and present include Treasury, the Army and Navy, the Agency for International Development, the Environmental Protection Agency, Health and Human Services, the Department of Justice and more.

FireEye isn't the first cybersecurity vendor to suffer a serious intrusion, according to Crowdstrike co-founder and former chief technology officer Dmitri Alperovich.

"With the Fireeye breach news coming out, it's important to remember that no one is immune to this. Many security companies have been successfully compromised over the years, including Symantec, Trend, Kaspersky, RSA and Bit9," Alperovich said on Twitter. "Security companies are a prime target for nation-state operators for many reasons, but not least of all is ability to gain valuable insights about how to bypass security controls within their ultimate target."

About the Author

Justin Katz is a former staff writer at FCW.

