Washington/San Francisco — FireEye, a prominent US cybersecurity company, has acknowledged that it has been breached, probably by hackers from a foreign adversary. The attackers made off with sensitive tools that FireEye uses to find vulnerabilities in clients’ computer networks.
By Wednesday morning, FireEye’s shares had fallen as much as 14% in extended trading after closing at $15.52 in New York. Red team tools mimic the behaviour of hackers and enable FireEye to provide “diagnostic security services” to customers, Mandia said. So far, the company hadn’t seen evidence that anyone had used the tools in an attack. Dmitri Alperovitch, the co-founder and former chief technology officer of CrowdStrike, a FireEye competitor, said red team tools are built to bypass customer networks and can sometimes be more sophisticated than the ones used by hackers.
FireEye, with more than 3,000 employees and $889m in revenue last year, is one of the relatively few cybersecurity firms with enough threat intelligence and expertise to routinely and reliably attribute attacks to high-profile hackers, including the governments of Russia, China, Iran and North Korea.
Matt Gorham, assistant director of the FBI’s cyber division, said preliminary indications “show an actor with a high level of sophistication consistent with a nation state”. The case has similarities to a breach of the US National Security Agency, when hackers stole US cyberweapons and a mysterious group known as the “shadow brokers” published them online, starting in 2016. In 2011, RSA offered to replace its then popular SecurID tokens after it revealed that its network was breached.