Among the worrying signs, the attacker seemed to have an understanding of the red flags that typically help companies like FireEye find intrusions, and they navigated around them: They used computer infrastructure entirely located in the U.S.; and they gave their systems the same names used by real FireEye employee systems, an unusually adept tactic designed to further conceal the hackers’ presence.
More alarmingly, FireEye, other security companies and partners in the intelligence community and law enforcement could find no evidence linking that infrastructure to attacks on other victims. Hackers, even good ones, often reuse their cyber tools because doing so is easier, cheaper and faster.
The laser focus made the attack harder to detect, FireEye and others said. Mr. Mandia likened the activity to “a sniper round through a bulletproof vest.”…
While intelligence officials and security experts generally agree Russia is responsible, and some believe it is the handiwork of Moscow’s foreign intelligence service, FireEye and Microsoft, as well as some government officials, believe the attack was perpetrated by a hacking group never seen before, one whose tools and techniques had been previously unknown.