FireEye, one of the nation’s leading cybersecurity firms, has shared details of a hack targeting its “Red Team” tools, which it uses to test customers’ security. The firm said there is concern that the hackers could publicly release the tools they accessed or use them to carry out other attacks.
In a blog post, FireEye CEO Kevin Mandia said the attack was “different from the tens of thousands of incidents we have responded to throughout the years.”
“The attackers tailored their world-class capabilities specifically to target and attack FireEye. They are highly trained in operational security and executed with discipline and focus,” Mandia wrote. “They operated clandestinely, using methods that counter security tools and forensic examination. They used a novel combination of techniques not witnessed by us or our partners in the past.”
Russia reportedly a suspect
FireEye said it doesn’t currently have evidence that any customer information was taken.
Although the company didn’t say in its report who it believes is responsible for the attack, the Wall Street Journal reported that state-sponsored Russian hackers are likely suspects. A source familiar with the matter told the Journal that Russia is currently being viewed by investigators as “the most likely culprit.”
“Moscow’s foreign-intelligence service, known as the SVR and one of two Russian groups that hacked the Democratic National Committee ahead of the 2016 presidential election, is believed to be responsible, the person said,” according to the Journal.
FireEye didn’t specify when the hack took place or when it became aware of it. The hack is currently being investigated by FireEye, as well as the FBI and industry partners like Microsoft.
Since becoming aware of the attack, FireEye said it’s developed hundreds of countermeasures that can detect or block the use of any of its stolen tools. The firm said it has integrated the measures into its own security products and shared them with “colleagues in the security community.”
FireEye said it will “continue to share and refine any additional mitigations for the Red Team tools as they become available.”