Exclusive: FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack
By Christopher Bing
(Reuters) – The FBI is investigating a mysterious postcard sent to the home of cybersecurity firm FireEye's CEO days after the company found the first sign of a suspected Russian hacking operation against dozens of US government agencies and private American companies.
US officials familiar with the postcard are investigating whether it was sent by people connected to a Russian secret service, because its timing and content suggest inside knowledge of last year’s hack long before it was publicly announced in December.
Moscow has denied involvement in the hack, which US intelligence agencies have publicly attributed to Russian state actors (https://www.reuters.com/article/idUSKBN29G0XT).
The postcard bears the FireEye logo, is addressed to CEO Kevin Mandia, and questions the Milpitas, California-based company’s ability to pinpoint cyber operations by the Russian government.
People familiar with Mandia’s postcard summarized its content for Reuters. It shows a cartoon with the text: “Hey look, Russians” and “Putin did it!”
The opaque message itself did not help FireEye locate the breach, but it arrived in the early stages of the company's investigation. This has led those familiar with the matter to believe that the sender was attempting to “troll” or distract the company by intimidating an executive.
Reuters could not determine who sent the postcard. US law enforcement and intelligence agencies are leading the effort to identify its source, according to the people familiar with the matter.
The FBI made no comment. A FireEye representative declined to discuss the postcard.
A disinformation researcher at Rand Corporation, Todd Helmus, received a similar postcard in 2019, according to a picture of it that Helmus posted on Twitter. Helmus, who studies digital propaganda, said he received the postcard after testifying about Russian disinformation tactics in front of Congress.
FireEye discovered the Russian hacking campaign, now known as “Solorigate” for its exploitation of supply chain vulnerabilities in the network management company SolarWinds, because of an anomalous device login within the FireEye network. The odd logon triggered a security alert and subsequent investigation, which led to the discovery of the incident.
FireEye worked closely with Microsoft to determine that the FireEye infiltration was indeed part of a hacking campaign that affected at least eight federal agencies, including the Treasury, State, and Commerce departments.
When the postcard was sent, FireEye had not yet determined who was behind the cyber attack. One person familiar with the postcard investigation said, “This is usually not the Russian SVR’s playbook,” but “times are changing quickly.” SVR is the abbreviation for the Foreign Intelligence Service of Russia.
A former US intelligence official said the postcard reminded him of a now public US Cyber Command mission that sent private messages to Russian hackers ahead of the 2018 US congressional elections.
“The message from the United States at the time was: ‘Take care, we will see you’, similar to the one here,” said the former official.
The extent of the damage connected with the US government hack remains unclear. Emails from senior officials were stolen from an unclassified network at the Treasury and Commerce departments.