A lot. Anything beyond this point is pure speculation. We don’t know the techniques used, or who did it. We also don’t know why they did it, or the full range of what was stolen. It seems strange for a sophisticated adversary to use never-before-seen techniques purely to steal FireEye attack tooling. It is not ‘new’, since it burns a high-value capability for something that is probably of lower value. So there may be more to this:
- Did the threat actor steal government and customer data?
- Did they steal FireEye product data to craft exploits against it?
- Was this purely a geopolitical statement and a response by Russia in light of recent US Gov disclosures of Russian malware capabilities?