protect customers and others from them and
was making them immediately available.
FireEye has been at the forefront of investigating
state-backed hacking groups, including
Russian groups trying to break into state and
local governments in the U.S. that administer
elections. It was credited with attributing to
Russian military hackers mid-winter attacks
in 2015 and 2016 on Ukraine’s energy grid.
Its threat hunters also have helped social
media companies including Facebook identify
malicious actors.
Thomas Rid, a Johns Hopkins cyberconflict
scholar, said that if the Kremlin were behind
the hack it could have been seeking to learn
what FireEye knows about Russia’s global state-
backed operations — doing counterintelligence.
Or it might have seeking to retaliate against
the U.S. government for measures including
indicting Russian military hackers for
meddling in the 2016 U.S. election and other
alleged crimes. FireEye is, after all, a close U.S.
government partner that has “exposed many
Russian operations,” he said.
FireEye said it is investigating the attack in
coordination with the FBI and partners including
Microsoft, which has its own cybersecurity
team. Mandia said the hackers used “a novel
combination of techniques not witnessed by us
or our partners in the past.”
Matt Gorham, assistant director of the FBI’s
cyber division, said the hackers’ “high level
of sophistication (was) consistent with a
nation state.”
The U.S. government is “focused on imposing risk
and consequences on malicious cyber actors, so
Image: Lino Mirgeler