Top Cyber Firm, FireEye, Says It's Been Hacked By A Foreign Govt.

Dec 9, 2020
Originally published on December 9, 2020 7:16 am

When governments or companies around the world get hacked, the cyber-security firm FireEye often gets called to come in and investigate.

But the California-based company said Tuesday that its own cyber defenses suffered a major breach by what it believes was a "state-sponsored attack."

FireEye didn't name a country, but some media reports said suspicion immediately fell on Russia and its intelligence services.

"Based on my 25 years in cyber security and responding to incidents, I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities," Kevin Mandia, the company's chief executive, said in a statement.

"The attackers tailored their world-class capabilities specifically to target and attack FireEye," he added. "They used a novel combination of techniques not witnessed by us or our partners in the past."

The U.S. intelligence community and private cyber security firms said stepped-up efforts protected last month's U.S. elections from any significant foreign interference.

Some government officials and private analysts speculated that the increased vigilance may have deterred Russia from attempting the kind of large-scale effort it carried out in the 2016 election. But they also warned that Russia and others were no doubt probing for other valuable targets during the election season.

"The hack of a premier cybersecurity firm demonstrates that even the most sophisticated companies are vulnerable to cyberattacks," said Sen. Mark Warner of Virginia, the ranking Democrat on the Senate Intelligence Committee. "I applaud FireEye for quickly going public with this news."

Valuable tools stolen

FireEye did not say when it uncovered the breach. But it acknowledged that the intruders stole some of the company's so-called Red Team tools, which it uses to test for vulnerabilities in the computer networks of its customers.

"These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers," Mandia wrote. "Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools."

The company said it has seen no evidence that the attacker has used the Red Team tools against other targets.

Still, the theft set off alarm bells about potential attacks that could be looming.

"As one of the world's go-to cybersecurity firms, FireEye has a ringside seat for some of the most sophisticated breaches carried out worldwide," said Mike Chapple, a former computer scientist at the National Security Agency who now teaches at the University of Notre Dame's Mendoza College of Business.

He compared the breach to a 2016 theft by a group called the Shadow Brokers, which stole cyber attack tools from the NSA and "sought to auction them off to the highest bidder. The subsequent release of code stolen during this breach led to the compromise of hundreds of thousands of computers around the world."

FireEye said the cyber thieves "primarily sought information related to certain government customers." The company did not name them, but it has worked extensively with U.S. government agencies as well as foreign governments.

The company said it was working with the FBI to help determine who was responsible.

Copyright 2020 NPR.