FBI probes Russian-linked postcard sent to FireEye CEO after cybersecurity firm uncovered hack – sources

Spread the love

The FBI is investigating a mysterious postcard sent to the home of cybersecurity firm FireEye’s chief executive days after it found initial evidence of a suspected Russian hacking operation on dozens of U.S. government agencies and private American companies.

U.S. officials familiar with the postcard are investigating whether it was sent by people associated with a Russian intelligence service due its timing and content, which suggests internal knowledge of last year’s hack well before it was publicly disclosed in December.

Moscow has denied involvement in the hack, which U.S. intelligence agencies publicly attributed here to Russian state actors.

The postcard carries FireEye’s logo, is addressed to CEO Kevin Mandia, and calls into question the ability of the Milpitas, California-based firm to accurately attribute cyber operations to the Russian government.

People familiar with Mandia’s postcard summarized its content to Reuters. It shows a cartoon with the text: “Hey look Russians” and “Putin did it!”

The opaque message itself did not help FireEye find the breach, but rather arrived in the early stages of its investigation. This has led people familiar with the matter to believe the sender was attempting to “troll” or push the company off the trail by intimidating a senior executive.

READ ALSO:  Snap reveals TikTok-like feature called Spotlight, will offer $1M daily to the most popular creators

Reuters could not determine who sent the postcard. U.S. law enforcement and intelligence agencies are spearheading the probe into its origin, the sources familiar said.

The FBI did not provide comment. A FireEye representative declined to discuss the postcard.

A disinformation researcher from the Rand Corporation, Todd Helmus, received a similar postcard in 2019, based on an image of it Helmus posted to Twitter. Helmus, who studies digital propaganda, said he received the postcard after testifying to Congress about Russian disinformation tactics.

FireEye discovered the Russian hacking campaign – now known as “Solorigate” for how it leveraged supply chain vulnerabilities in network management firm Solarwinds – because of an anomalous device login from within FireEye’s network. The odd login triggered a security alert and subsequent investigation, which led to the discovery of the operation.

FireEye worked closely with Microsoft to determine that the infiltration at FireEye in fact represented a hacking campaign that struck at least eight federal agencies including the Treasury, State and Commerce Departments.

READ ALSO:  CD Projekt Red used AI to lip-sync Cyberpunk 2077's dialogue across 10 languages

When the postcard was sent, FireEye had not yet determined who was behind the cyberattack. A person familiar with the postcard investigation said “this is not typically the Russian SVR’s playbook” but “times are rapidly changing.” SVR is an acronym for the Foreign Intelligence Service of Russia.

A former U.S. intelligence official said the postcard reminded him of a now public mission by U.S. Cyber Command where they sent private messages to Russian hackers ahead of the 2018 congressional elections in the United States.

“The message then from the U.S. was ‘watch your back, we see you’ similar to here,” the former official said.

The extent of the damages tied to the U.S. government hack remains unclear. Emails belonging to senior officials were stolen from an unclassified network at the Treasury and Commerce Departments.

 158 

RECOMMENDED READ:
Growing concern in Israel over appointment of Malley as US rep. to Iran

The Jewish anti-Israel co-head of the radical left-wing group Code Pink, Ariel Gold, supports the appointment of Robert Malley as Read more

Joe Biden’s rabbi on his connection to Jews, leadership and Israel

To really understand US President Joe Biden, his connection to the Jewish community, his style of leadership, and what it Read more

Biden envoy: US to reopen diplomatic missions for Palestinians

The United States plans to reopen the diplomatic missions for the Palestinians, US envoy Richard Mills told the UN Security Read more

Leave a Reply