“We are witnessing an attack by a nation with top-tier offensive capabilities,” FireEye CEO Kevin Mandia said in a blog post Tuesday that didn’t name Russia. “The attackers tailored their world-class capabilities specifically to target and attack FireEye.”

The firm went public with the incident to ensure that its 9,600-plus customers and the cybersecurity industry were aware and could take steps to ensure that they won’t be breached with the stolen tools. The tools are used by FireEye “red teams” to test a company’s cyber defenses.

The FBI is investigating the incident, Mandia said, adding that Microsoft is assisting.

“Security companies are one of the top targets of nation-state operators and many have been successfully compromised over the years, including Kaspersky, RSA and Bit9,” said Dmitri Alperovitch, who co-founded a leading cyber firm, CrowdStrike, and is chairman of the Silverado Policy Accelerator think tank.

“The primary goals of these operations are typically to get access to capabilities that would make it easier for them to hack companies all over the world,” he said. “It is impressive how transparent FireEye has been at disclosing the breach, the details of what happened and providing mitigations for their stolen ‘red team’ tools to help minimize the chance of others getting compromised as a result of this incident.”

Mandia said FireEye has seen no evidence that any attacker to date has used the stolen tools. Nonetheless, he said, the firm has developed more than 300 countermeasures for its customers to help shield them from attack.

Consistent with a nation-state espionage effort, the attacker primarily sought information related to certain government customers, Mandia said.

At this point, he said, although the hackers were able to access internal systems, the firm has seen no evidence that they removed data from primary systems that store customer information.

The attacker made off with a significant number, but not all, of the firm’s tools, said a person familiar with the investigation. The attacker set up servers “solely for a breach into FireEye,” the person said, calling it a “sniper shot.”

FireEye has skilled people developing its red team tools by building off techniques observed in incidents and publicly available capabilities. None of the tools used “zero days” or previously unknown exploits that help a hacker compromise a system. “These would be tools primarily we’ve seen used by attackers that we want to emulate,” the person said, also speaking on the condition of anonymity because of the matter’s sensitivity.

The motive behind the breach is unclear. Besides obtaining hacking tools, a nation-state might also have wanted to learn what FireEye knows about its capabilities and adjust its techniques accordingly, or it could study the tools for weaknesses that can be exploited, said Gregory Touhill, president of AppGate Federal Group and former federal chief information security officer.