
Hackers attempted to troll FireEye CEO Kevin Mandia with a postcard that called into question the company’s ability to attribute cyberattacks to the Russian government, Reuters reported.
The FBI is investigating a mysterious postcard sent to Mandia’s home days after FireEye found initial evidence of a suspected Russian hacking operation on U.S. government agencies and private businesses, according to Reuters. Federal officials said Jan. 5 that a Russian Advanced Persistent Threat (APT) group is likely behind the colossal hacking campaign, but FireEye hasn’t publicly attributed the attack to Russia.
U.S. officials familiar with the postcard are investigating whether it was sent by people associated with a Russian intelligence service due to its timing and content, according to Reuters. This suggests Russian intelligence officials had internal knowledge of the massive hack well before it was publicly disclosed in December, Reuters said. FireEye declined to comment to CRN on the Reuters report.
The postcard did not on its own help FireEye find the breach, but rather arrived in the early stages of the threat intelligence vendor’s investigation, Reuters said. This led people familiar with the card to believe the sender was attempting to discourage further inquiry by intimidating a senior executive. Reuters said U.S. law enforcement and intelligence agencies are spearheading a probe into the postcard’s origin.
FireEye blew the lid off the hacking campaign Dec. 8 when the company disclosed that it was breached in an attack designed to gain information on some of the company’s government customers. Before entering the corporate world, Mandia spent six years in the U.S. Air Force, where he was a computer security officer at the Pentagon and a special agent in the Air Force Office of Special Investigations.
A person familiar with the postcard investigation told Reuters actions like these aren’t typically in the playbook of Russia’s foreign intelligence service, or APT29, but noted that “times are rapidly changing.” The U.S. Cyber Command sent private messages to Russian hackers ahead of the 2018 congressional elections along the lines of ‘watch your back, we see you,’ a former U.S. intelligence official told Reuters.
Rand Corp. disinformation researcher Todd Helmus received a postcard similar to Mandia’s in March 2019 after testifying at the U.S. Senate Select Committee on Intelligence the year prior. “It’s so nice to receive an actual post-card these days,” Helmus said on Twitter Monday afternoon following publication of the Reuters story. “I’m actually heartened that the Russians would think of me.”
One side of the postcard Helmus received depicts a man reading a newspaper article about the income gap and saying “It’s the worst income inequality in 100 years.” In response, a large man in a suit with a pocket square and cigar who is labeled as “the 1%” points a finger in a different direction and says “Hey look! Russians!”
Russian trolls #IRL? Received this card today in the mail. I think the Russians know that I don’t check my Twitter account often. pic.twitter.com/dydVaNmIsf
— Todd Helmus (@Helmus) March 15, 2019
The other side of the postcard depicts a parrot in a cage telling a forlorn man holding a newspaper, a boy, a dog and a cat “Putin did it!” People familiar with Mandia’s postcard told Reuters it had the same caption as Helmus’ but carried FireEye’s logo and was addressed to CEO Kevin Mandia.
Mandia has been front and center since this story broke, authoring a Dec. 8 blog that disclosed FireEye had been hacked and a Dec. 13 blog tying the campaign to the insertion of malicious code in SolarWinds Orion. Since then, Mandia has appeared everywhere from CBS’ Face the Nation on Dec. 20 to NPR’s All Things Considered on Dec. 21 to a Jan. 7 Aspen Institute panel alongside U.S. Sen. Mark Warner, D-Va.