FireEye Cybersecurity Giant Hacked by a State Intelligence Agency

The company did not say who was responsible, but the investigation points to Russian military intelligence hackers.

Silicon Valley cybersecurity company FireEye revealed Tuesday that its systems had been hacked by what it called "a nation with world-class offensive capabilities." According to The New York Times, the company said the hackers, presumably Russian, used "novel techniques" to make off with the company's own "toolkit," which could be useful for mounting new attacks around the world.

International media called the cyberattack "impressive" and suggested that it could be an act of revenge against FireEye, since for years the firm has been the first call for government agencies and companies around the world that have suffered the most sophisticated hacker attacks.

Indeed, the company, valued at $3.5 billion, is in part dedicated to identifying the culprits behind some of the world's most audacious data thefts (its clients have included Sony and Equifax).

In its Tuesday statement on the attack, FireEye declined to say who was responsible. But the description of the intrusion, and the fact that the FBI has turned the case over to its Russia specialists, leave little doubt as to who the main suspects are.

According to the investigative report, the hackers went after what the company calls its "Red Team tools." These are tools that replicate the techniques of the world's most sophisticated attackers.

FireEye uses these tools, with the permission of a client company or government agency, to search for vulnerabilities in the client's systems. Most of them are kept in a digital vault that the company closely protects.

The largest theft of cybersecurity tools since 2016

The theft raises the possibility that Russian intelligence agencies took advantage of the fact that American attention, including FireEye's, was focused on protecting the United States presidential election system.

While the nation's public and private security teams were watching for intrusions into voter registration systems and voting machines, Russian agencies, which interfered in the 2016 elections, had an opportunity to focus on other targets.

The hack was the largest theft of cybersecurity tools since the National Security Agency's were stolen in 2016 by an as-yet-unidentified group calling itself the Shadow Brokers. That group published the NSA's tools online over several months, handing nation-states and criminal hackers the "keys to the digital realm," as it was once described.

North Korea and Russia eventually used the stolen NSA weaponry in attacks on government agencies, hospitals, and some of the world's largest conglomerates, causing losses of more than $10 billion.

According to US media, the NSA tools were likely more useful than FireEye's, since the US government builds purpose-designed digital weapons, whereas FireEye's Red Team tools are essentially built from malware the company has seen used in a wide range of attacks.

Hackers could use FireEye's tools to go after risky, high-profile targets with room to deny involvement, said Patrick Wardle, a former NSA hacker who is now a principal security researcher at a software company.

The attack is an embarrassment for the company. The hackers went to great lengths to avoid being seen, using several thousand Internet Protocol addresses that had never been used in attacks before, many of them in the United States.

The attack on FireEye is different from an ordinary security breach

"This attack is different from the tens of thousands of incidents we have responded to over the years," said Kevin Mandia, CEO of FireEye.

Mr. Mandia, a former Air Force intelligence officer, said the attackers tailored their global capabilities specifically to target and attack FireEye, adding that they appeared to be highly trained in operational security and demonstrated discipline and focus as they moved clandestinely to escape detection by security tools.

Google, Microsoft, and other firms that conduct cybersecurity research said they had never seen some of these techniques before.
