American cybersecurity firm FireEye has suffered a data breach, which it has described as unprecedented. Announcing the news in a blog post, the company said the attack was perpetrated by a “highly sophisticated threat actor” – most likely a state-sponsored group.
It didn’t point any fingers, but it did say that whoever was behind the attack knew exactly what they were looking for. They managed to steal the company’s tool used for testing customer security, most likely going after customers from the public sector.
Describing the attack, the company said it was unlike anything they had seen before:
"Based on my 25 years in cyber security and responding to incidents, I've concluded we are witnessing an attack by a nation with top-tier offensive capabilities," said FireEye CEO Kevin Mandia.
“This attack is different from the tens of thousands of incidents we have responded to throughout the years,” he added.
FireEye is not yet sure if the criminals intend to use or just sell the stolen information on the black market. In any case, the firm claims to have deployed more than 300 countermeasures for its customers, to minimize the impact of the incident.
It was also said there was no evidence the attackers made it into the company's primary system, nor that they stole customer information from incident response or consulting engagements. The metadata that FireEye’s products gather also seems to be intact.
The FBI has been notified and an investigation is ongoing.