US cyber security group FireEye said on Tuesday that it had suffered a major cyber attack, most likely conducted by state-sponsored hackers, who stole powerful hacking tools the company uses to test the systems of its clients.
Shares in the Silicon Valley company sank almost 8 per cent in after-hours trading after it detailed what it believed to be a carefully targeted operation.
The company said the attackers gained access to its internal systems and “primarily sought information related to certain government customers”, but did not appear to have stolen its clients’ data.
The attackers did successfully obtain the tools used by FireEye’s “red team”, a group of staff members who hack into customers’ networks in order to highlight vulnerabilities, it said.
The company declined to attribute the attack to any country, but said that it had concluded that it was conducted by a “nation with top-tier offensive capabilities”.
The news marks a rare and embarrassing instance of a well-known cyber security vendor being breached itself, and raises the possibility that the hackers will now be able to wield the red team tools to attack others.
FireEye said it had no evidence that the stolen tools had been used by the attackers, but was publishing more than 300 “countermeasures” to help its customers and others protect themselves.
It added that none of the stolen tools contained so-called zero-day exploits — weaknesses that have never been publicly identified and for which there are no fixes.
FireEye said it was investigating the hack with the help of the FBI and other groups, including Microsoft.
“Based on my 25 years in cyber security and responding to incidents, I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” said Kevin Mandia, FireEye’s chief executive.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years. They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
Matt Gorham, assistant director of the FBI’s cyber division, said the agency was investigating the incident and had found that the level of sophistication was “consistent with a nation state”.
Additional reporting by Kadhim Shubber in Washington