The CEO of FireEye, a cybersecurity company based in California, suggested during an interview on Sunday that the culprit behind the massive cyberattack was not yet officially known as he laid out the scope of the attack, which many experts have suggested could be among the worst in U.S. history.
FireEye CEO Kevin Mandia’s interview on CBS News’s “Face The Nation” comes after the company noticed that it had been hacked and, after investigating, discovered that the hackers had breached the software company SolarWinds, which they used to gain access to U.S. government agencies and departments, as well as numerous private firms.
“There’s a lot of ways to look at this intrusion, and first and foremost, it’s different than other ones that we commonly respond to,” Mandia said. “We respond to over a thousand breaches a year. And what separates this is who did it, how they did it, and what they did when they got in.”
“This was not a drive-by shooting on the information highway,” Mandia continued. “This was a sniper round from somebody a mile away from your house. This was special operations. And it was going to take special operations to detect this breach. So the — how they did it was in a way that was utterly clandestine, very difficult to tell, and quite frankly, it was a backdoor into the American supply chain that separates this from thousands of other cases that we’ve worked throughout our careers.”
Mandia said that the attack started in October 2019 and that those responsible injected “malicious code” into the corrupted systems in March of this year.
Mandia tried to put the attack in perspective and appeared to suggest that it was not as massive as some were making it out to be.
“It’s important to note everybody says this is potentially the biggest intrusion in our history. The reality is the blast radius for this, I kind of explain it with a funnel. It’s true that over 300,000 companies use SolarWinds, but you come down from that total number down to about 18,000 or so companies that actually had the backdoor or malicious code on a network,” he said. “And then you come down to the next part. It’s probably only about fifty organizations or companies, somewhere in that zone, that’s genuinely impacted by the threat actor.”
When pressed about who he thinks was behind the attack, Mandia said, “I think that [it’s] definitely a nation behind this.”
“You just heard me say the attack started with a dry run in October of 2019. This wasn’t a ransomware attack, not a drive-by shooting where somebody breaks in and it’s kind of like a brick through your window, and it’s pretty obvious, hey, they broke in with a brick through the window and then they stole your jewels. This is more like a case where somebody came in through a trapdoor in your basement that you never knew about, put on an invisibility cloak, and you just got the sense they [were] in your networks, but you weren’t even sure how.”
He said that he thinks that the attack was consistent with what they see coming out of Russian intelligence, but added: “We’re going to get attribution right.”
“The amount of resources inside the government, inside the private sector, and the reach that we have, we can speculate it or we can do some more work and put a neon sign on the building of the folks that did this,” he said. “And I’m very confident as we continue the investigation, as it gets broader, as more people learn the tools, tactics, and procedures of this attack, we’re going to bring it back and we’re going to get attribution. Not ninety-two percent right, not consistent with, but a hundred percent. Let’s just get it right so that we can proportionately respond, period.”