FireEye shares drop after company was hacked

New York

FIREEYE Inc, a prominent US cybersecurity company, acknowledged on Wednesday that it had been breached, probably by hackers from a foreign adversary. The attackers made off with sensitive tools that FireEye uses to find vulnerabilities in clients' computer networks.

The attackers were a "nation with top-tier offensive capabilities", said chief executive officer Kevin Mandia. He didn't identify the country suspected, but a person familiar with the incident said investigators believe hackers closely aligned with the Russian government were behind it.

The hackers "tailored their world-class capabilities specifically to target and attack FireEye", Mr Mandia said in a company blog on Tuesday. "They are highly trained in operational security and executed with discipline and focus."

FireEye's shares immediately fell after the news was announced, by as much as 9.8 per cent, in extended trading after closing at US$15.52 in New York.

It was the latest setback for a company whose stock peaked in 2014 at more than US$80 following the initial public offering the year before. For the past four years, FireEye shares have been stuck at about US$15.

The motive for the attack wasn't clear, and it wasn't certain that the hackers intended to swipe what are known as "red team tools" in the security community. Mr Mandia said the attackers "sought information related to certain government customers". However, while the hackers accessed "some of our internal systems", they didn't appear to steal customer data, he said.

Red team tools mimic the behaviour of hackers and enable FireEye to provide "diagnostic security services" to customers, Mr Mandia said. So far, the company hadn't seen evidence that anyone had used the tools in an attack. Dmitri Alperovitch, the co-founder and former chief technology officer of Crowdstrike, a FireEye competitor, said red team tools are built to bypass customer networks and can sometimes be more sophisticated than the ones used by hackers. That could make them potentially valuable for hackers seeking to infiltrate computer networks.

But Mr Alperovitch said the tools may not have been the only target. FireEye's customers include nation-states, large tech companies, energy conglomerates and defence firms. The FireEye breach could expose the intelligence company's clients to a similar fate - an adversary's infiltration, or possibly the sale of their secret data, said Mr Alperovitch.

The hack was discovered in recent weeks by FireEye when it found a suspicious login that had surpassed the two-factor authentication requirement on their virtual private network, according to the company. It is investigating the attack with the FBI and Microsoft Corp. It is also publishing information that can help neutralise the tools that were stolen. BLOOMBERG