FireEye, the Milpitas, California cybersecurity company that was hit by a major cyber attack, has the Federal Bureau of Investigation examining the hack it encountered. The FBI eventually picked up a trail: a “mysterious postcard” addressed to the cybersecurity company’s chief executive, Kevin Mandia.
The law enforcement agency had to re-examine the postcard to work out whether it had any hidden connection to whoever orchestrated the attack.
The FBI discovered that the card was sent to Mandia’s home address a few days after traces of evidence connected to U.S. private companies and government agencies were found. The FBI believes the postcard points to a potential Russian hack operation.
Because cyber attacks targeting American security companies recur so frequently, officials aware of the postcard Mandia received are quite suspicious of its content and timing, which they see as grounds to suspect that the Russian intelligence service could have orchestrated the attacks.
The Russian government denied masterminding the recent U.S. hacks, whereas the American intelligence agency had already disclosed, with evidence, that the Russians are guilty.
The postcard sent to Kevin Mandia’s home also included FireEye’s logo. Security experts have questioned how a high-profile security company could be this accessible to unauthorized parties.
Aside from the visible FireEye logo, the postcard carried a cartoon image with the text “Hey look Russians” and “Putin did it!”
Although the postcard’s message was unclear and could not be directly tied to the mastermind of FireEye’s hack, the card arrived at the beginning of the investigation.
Aside from the hacking victim and the intelligence agency, no one knows who sent the postcard or carried out the cyber attacks.
Security experts commenting on the postcard sent to FireEye’s Kevin Mandia believe that the sender intended to “troll,” to spread disinformation that would mislead the investigation, or possibly to ridicule a senior executive at the cybersecurity company.
However, neither the FBI nor the cybersecurity company has disclosed what they found on the postcard.
FireEye’s postcard case repeats a similar incident involving Rand Corporation in 2019. Todd Helmus is a disinformation researcher at the nonprofit research organization, where he studies digital propaganda for a living.
Two years ago, after he testified to Congress about “Russian disinformation tactics,” he received a postcard, and because of its timing and content, law enforcement believed the Russians were the potential sender.
FireEye and the FBI discovered traces of evidence, and their follow-up showed that the trail proved the existence of a Russian hack campaign. The Russian hack community’s tool, dubbed “Solorigate,” is the same malware reported to have exploited supply chain weaknesses at the network management company SolarWinds.
FireEye was able to detect the Russian malware because of a strange device login caught by a mechanism pre-installed in its network. That mechanism is designed with high sensitivity, and an odd login triggered FireEye’s security alert.
Remember, investigations are based on both clear and obscure trails; the “odd login” is one of many pieces of evidence that prove existing Russian hack operations.
The victim, FireEye, initially had to work with Microsoft Corp to identify the individual or group that masterminded the cyberattack on the cybersecurity company, an attack that extended to hack eight other federal agencies, including the State, Commerce, and Treasury Departments, and left confidential information and tools missing.