Hackers attempted to troll FireEye CEO Kevin Mandia with a postcard that called into question the company’s ability to attribute cyberattacks to the Russian government, Reuters reported.
The FBI is investigating a mysterious postcard sent to Mandia’s home days after FireEye found initial evidence of a suspected Russian hacking operation on U.S. government agencies and private businesses, according to Reuters. Federal officials said Jan. 5 that a Russian Advanced Persistent Threat (APT) group is likely behind the colossal hacking campaign, but FireEye hasn’t publicly attributed the attack to Russia.
U.S. officials familiar with the postcard are investigating whether it was sent by people associated with a Russian intelligence service due to its timing and content, according to Reuters. This suggests Russian intelligence officials had internal knowledge of the massive hack well before it was publicly disclosed in December, Reuters said. FireEye declined to comment to CRN on the Reuters report.
The postcard did not on its own help FireEye find the breach, but rather arrived in the early stages of the threat intelligence vendor’s investigation, Reuters said. This led people familiar with the card to believe the sender was attempting to discourage further inquiry by intimidating a senior executive. Reuters said U.S. law enforcement and intelligence agencies are spearheading a probe into the postcard’s origin.
FireEye blew the lid off the hacking campaign Dec. 8 when the company disclosed that it was breached in an attack designed to gain information on some of the company’s government customers. Before entering the corporate world, Mandia spent six years in the U.S. Air Force, where he was a computer security officer at the Pentagon and a special agent in the Air Force Office of Special Investigations.
A person familiar with the postcard investigation told Reuters actions like these aren’t typically in the playbook of Russia’s foreign intelligence service, or APT29, but noted that “times are rapidly changing.” The U.S. Cyber Command sent private messages to Russian hackers ahead of…