House Intelligence Committee Chairman Adam Schiff (D-Calif.) on Tuesday evening said he has requested a briefing by U.S. intelligence agencies regarding FireEye’s [FEYE] disclosure earlier in the day that it had been hacked by a sophisticated nation-state threat actor who stole tools the company uses to test the security of its customers’ networks.
Schiff wants the “relevant intelligence agencies to brief the committee in the coming days about this attack, any vulnerabilities that may arise from it, and actions to mitigate the impacts,” he said in a statement.
“Foreign actors have not stopped attacking our country and its critical and cybersecurity infrastructure since 2016,” Schiff said. “In fact, they’ve continued, grown more sophisticated and only have to succeed once, while the U.S. government and companies alike have to pitch a perfect game. This news about FireEye is especially concerning because reportedly a nation-state actor made off with advanced tools that could help them mount future attacks.”
Kevin Mandia, FireEye’s CEO, disclosed the theft of his company’s red teaming tools in a blog post. A subsequent Washington Post report attributed the hack to Russian intelligence.
Mandia said the “attack by a nation with top-tier offensive capabilities” was “tailored” to hit FireEye specifically. “They used a novel combination of techniques not witnessed by us or our partners in the past,” he said. He added that the information the hacker was after is “related to certain government customers.”
An investigation into the attack is ongoing in coordination with the FBI, Microsoft [MSFT] and others. “Their initial analysis supports our conclusion that this was the work of a highly-sophisticated state-sponsored attacker utilizing novel techniques,” Mandia wrote on the company’s website.
There is no evidence that any data was stolen related to customer information “or the metadata collected by our products in our dynamics threat intelligence systems,” he said.
FireEye has developed more than 300 countermeasures for its customers to help thwart attacks by the stolen tools, and the company has not seen the tools being used, Mandia said. He added that the countermeasures are being shared with the “security community so that they can update their security tools.”
In a separate blog post, the company provided an overview of its stolen red team tools and included a link to the countermeasures.