FireEye said the attacker accessed some internal systems and primarily sought information about government clients.


WASHINGTON—U.S.-based FireEye Inc., one of the world’s largest cybersecurity firms, was hacked in what it said was a highly sophisticated foreign-government attack that compromised its software tools used to test the defenses of its thousands of customers.

The company said the attacker also accessed some internal systems and primarily sought information about government clients. FireEye said it has seen no evidence so far that data belonging to its customers had been compromised from the primary systems used to store it.

FireEye declined to comment on who it believed was behind the breach. A person familiar with the matter said Russia is currently seen by investigators as the most likely culprit but stressed that the investigation was continuing.

“I’ve concluded we are witnessing an attack by a nation with top-tier offensive capabilities,” Kevin Mandia, the chief executive at FireEye and a former Air Force officer, said in a blog post published Tuesday. “The attackers tailored their world-class capabilities specifically to target and attack FireEye.”

FireEye said it was working with the Federal Bureau of Investigation and industry partners, including Microsoft Corp., in a continuing investigation into the incident.

The FBI didn’t immediately respond to a request for comment. Mr. Mandia said the federal investigators shared the company’s view that the breach was the work of a sophisticated foreign government.

People familiar with the investigation said the hackers were disciplined and used a rare combination of sophisticated attack tools, some of which apparently hadn’t been previously used in any known attacks on other victims—an unusual sign of sophistication and resolve—and were specifically dedicated to compromising FireEye.

“This was a sniper shot that got through,” a person familiar with the investigation said.

Based in California, FireEye is among the world’s largest cybersecurity companies, with more than a dozen offices around the world and thousands of employees. The company has been seen as an industry pioneer in detecting and responding to cyberattacks carried out by foreign governments, such as China and Iran, and has often publicly linked prolific hacking groups to specific foreign intelligence services.

In his blog post, Mr. Mandia said investigators were unsure what the hackers intended to do with its compromised “Red Team tools,” which are used by cybersecurity companies to probe the defenses of their customers and identify possible vulnerabilities that can be attacked. He said more than 300 countermeasures had been taken to protect customers and the broader internet community and that so far there was no evidence any of the stolen Red Team tools had been used.

It wasn’t clear when the breach took place or exactly when FireEye was alerted to it, and people familiar with the investigation said the company wasn’t certain how the assailants broke into its systems.

Dmitri Alperovitch, a cybersecurity expert who was briefed on details of the breach, said other security companies, such as RSA and Kaspersky Lab, had been compromised in the past by government hackers.

“They do this to gain insights that can help them defeat security countermeasures and enable hacking of organizations all over the world,” said Mr. Alperovitch, co-founder of the Silverado Policy Accelerator think tank and a former executive at CrowdStrike, a cybersecurity firm that competes with FireEye. “With FireEye rapidly coming forward and transparently disclosing what happened to them, as well as disclosing the Red Team tools stolen by the adversaries, they are helping to minimize the chances of others getting compromised as a result of this breach.”

Because they are trusted with a level of network access by their customers, cybersecurity companies are an appealing target for hackers who in turn can leverage their access to break into systems that belong to clients. In 2011, the vendor RSA Security LLC was breached by hackers that the National Security Agency linked to China, which denied involvement. The point of the hack, security experts believe, was to gain access to RSA’s encryption technology, which could then be used in attacks on its clients.

“Over a two-week period they were in there, it was a cat-and-mouse game,” RSA’s former chief executive, Art Coviello, told The Wall Street Journal last year. RSA eventually called Mandiant to investigate the hack. RSA didn’t immediately respond to an email seeking comment.

Copyright ©2020 Dow Jones & Company, Inc. All Rights Reserved.

This post first appeared on wsj.com
