When the cyber security firm FireEye announced it had been violated and some of its most valuable tools had been stolen, there was tension all over.

Various U.S. agencies were successfully targeted like the departments of State, Treasury, Commerce, Energy and Homeland Security and the National Institutes of Health.

Kevin Mandia who is the CEO of FireEye solves the mystery by through the following questions:

Who is behind this attack?

According to Mandia, it's definitely a nation. In regards to the supply chain compromise at SolarWinds, they did an unharmful addition of code in October 2019 inside the supply chain, saw that it was provisioned. They went to live with actual suspicious code inside of the SolarWinds in March through June of this year.

So this is somebody who is patient, professional and what made this interesting to me is he felt they were more keen in staying secretive than they were about accomplishing their mission.

What nations have this kind of capability?

Not a lot. And that's probably it. He states that there is may be about six to eight technical details that made him realize this is a nation and at the most a foreign intelligence service doing this violation. Among those, one of them is they used an infrastructure to attack FireEye. The IP addresses or systems they use to attack FireEye were not used in any other incident we are cautious of.

In other words, the attackers were setting up an infrastructure to attack FireEye that was completely unique to attack FireEye. That takes a lot of maintenance. That takes a huge amount of coordination. Its an operation — not just a hack.