Prominent US cybersecurity firm FireEye said Tuesday that foreign government hackers with “world-class capabilities” broke into its network and stole offensive tools it uses to probe the defenses of its thousands of customers, who include federal, state, and local governments and top global corporations. The hackers “primarily sought information related to certain government customers,” FireEye CEO Kevin Mandia said in a statement, without naming them. He said there was no indication they got customer information from the company's consulting or breach-response businesses or threat-intelligence data it collects, the AP reports. FireEye is a major cybersecurity player—it responded to the Sony and Equifax data breaches and helped Saudi Arabia thwart an oil industry cyberattack—and has played a key role in identifying Russia as the protagonist in numerous aggressions in the burgeoning netherworld of global digital conflict.
Neither Mandia nor a FireEye spokeswoman said when the company detected the hack or who might be responsible. But many in the cybersecurity community suspect Russia. “I do think what we know of the operation is consistent with a Russian state actor,” said former NSA hacker Jake Williams, president of Rendition Infosec. “Whether or not customer data was accessed, it’s still a big win for Russia.” FireEye's Mandia said he had concluded that “a nation with top-tier offensive capabilities” was behind the attack. The stolen “red team” tools—which amount to real-world malware—could be dangerous in the wrong hands. FireEye said there’s no indication they have been used maliciously. But cybersecurity experts say sophisticated nation-state hackers could modify them and wield them in the future against government or industry targets.