Mandia: Russian State Hackers Changed The Game

Published: 22/11/2024   Category: security




Founder of Mandiant and FireEye CEO says Russia doesn't appear to want to cover its tracks anymore.



WASHINGTON, DC – Russia's leak of emails it hacked from the Democratic National Committee and Clinton campaign chairman John Podesta during the US presidential campaign came as a shock to FireEye CEO Kevin Mandia.
It takes a lot to surprise the seasoned Mandia, whose incident response firm Mandiant was acquired by FireEye nearly three years ago and who has been investigating and studying Russian nation-state breaches since the 1990s. In an interview at FireEye's Cyber Defense Summit here today, Mandia said the recent Russian state-sponsored attacks and leaking of information were a game-changer in cyber espionage tradecraft.
"The doxing shocked me. I'm fascinated by it," he said. It's part of a major shift in Russia's nation-state hacking machine, according to Mandia.
Of the roughly two dozen breaches FireEye currently is investigating, Russian state hackers are behind many of them, "in the double digits," Mandia said. Even more chilling than the relative volume of attacks, however, is how dramatically Russia has changed its cyber espionage modus operandi over the past two years.
Mandia said the big shift began in the fall of 2014. "Suddenly, they [Russian state actors] didn't go away when we responded to their attacks," he said. Historically, the attackers would disappear as soon as they were found: "The Russian rules of engagement were when we started a new investigation, they evaporated [and] just went away."
The Russian cyber espionage groups also began hacking universities, but not necessarily for the usual government research secrets they traditionally had been hunting. "They were [now] stealing [from] professors who had published … anti-Russian, anti-Putin sentiments. We'd seen the Chinese do that, but had never seen Russia doing that," Mandia said.
"The scale and scope were starting to change. Then I thought maybe their anti-forensics had gotten sloppier because now we could observe that they were not going away," he said. Rather than performing their usual counter-forensics cleanup, the Russians now simply left behind the digital footprints of their cyber espionage campaigns.
"They used to have a working directory and would remove it when they were done. But they just stopped doing that," Mandia said. That's either because they're no longer as disciplined in their campaigns, he said, or they've just chosen to be more noticeable.
There are no easy solutions for responding to this new MO of Russia's hacking machine, either, he said. "They're damn good at hacking," Mandia said.
The Obama administration's Executive Order signed in 2015 gives the US the power to freeze assets of attackers who disrupt US critical infrastructure, steal trade secrets from US businesses, or profit from theft of personal information.
It's unclear for now whether President-Elect Donald Trump will preserve Obama's cybersecurity EOs and policies. Mandia said he doesn't expect them to be scrapped. "No one wants to be hacked. Whether you're a Democrat or a Republican, you don't want people stealing your email. I can't imagine this is an issue that's divided politically," he said.
Trump's cybersecurity platform, published during the campaign, calls for developing offensive capabilities in cybersecurity: "Develop the offensive cyber capabilities we need to deter attacks by both state and non-state actors and, if necessary, to respond appropriately," according to his statement.
Some security experts say it's unclear whether that leaves the door open for private organizations to hack back. Mandia opposes businesses hacking back at their online adversaries: "It's very dangerous. You will not have the intended consequences if you have anyone in the private industry do anything on offense, unless they were deputized by the government," he said.
Mandia is a fan of the oft-criticized pact by President Obama and Chinese President Xi Jinping not to conduct cyberspying attacks for economic gain. The agreement specifically applies to the theft of trade secrets and stops short of banning traditional espionage via hacking. Cyberespionage has been a notoriously prolific strategy for China, with the US among its top targets, although Chinese officials deny such hacking activity.
While some security experts say the US-China agreement has not slowed China's hacking for IP theft, Mandia said his firm saw a dramatic decrease in the wake of the pact. FireEye saw the number of such attacks drop from 80 to four within one month after the pact. "Whoever runs China's cyber espionage: they have disciplined troops. They stick to the rules of engagement," Mandia said.
He said he can't see how the Trump administration would scrap the pact with China. "It has had impact in such an incisive way, I don't know why they would change it."
The New Wave
Mandia said cyber espionage and cyberattacks have now entered a new, less predictable phase. "More emboldened nations are doing more emboldened things hacking-wise, such as Iran," he said.
"Every day, Iran is hacking and there are no repercussions. They are getting operational experience and getting better at it," he said.
Grady Summers, CTO of FireEye, said his firm is seeing more coordination and destruction in all types of cyberattacks. They're seeing ransomware attacks move from targeting a machine or two to thousands of machines. "They're establishing a foothold, going lateral and going destructive and encrypting en masse," Summers said. That allows attackers to encrypt thousands of machines, do more damage, and gain more leverage.