The company announced the theft on 8 December AEDT, but even yesterday (Tuesday) had no comment to offer as to when it became aware of the compromise.
An inquiry from iTWire merited this response from a FireEye spokeswoman on Tuesday: "This is an active investigation and we are not releasing a breakdown of the timeline."
Tech industry sources have told iTWire that rumours about a break-in at FireEye have been floating around at least since 30 October.
CSIS Cyber's Peter Kruse tweeted: "We at @csis_cyber have notified @ FireEye about several compromised internal machines as well as clients logging into their services happening up until October 2020. All popped by #trickbot and one likely sold in December 2019."
FireEye has also been accused of having poor security for its Internet-facing infrastructure; the claim was made by Andy Jenkinson, chief executive of UK-based Cybersec Innovation Partners, a company that does PKI discovery and also claims to be "management experts for all Internet-facing and internal security".
The game has been given away to some extent by a detailed study, the results of which FireEye released on Monday AEDT. No less than 43 of its staff were named as being involved in that research – plus three more from Microsoft.
Such an exercise could not have been done overnight and not even in a week or two. It would have taken months of painstaking and irritating work, especially since the company could not afford to put a foot wrong as its reputation was at stake.
So was FireEye continuing to sell its services to other companies after it was breached, without informing them about the breach? That is the $64 million question.
Given that it is a publicly listed firm, FireEye had no option but to come out and make a statement about the goings-on within its network. Additionally, given the profile that it has built up for itself, it would have been conscious that it could not indulge in braggadocio as it has often done in the past.
It must have taken a great deal of control on the part of chief executive Kevin Mandia — normally a man given to much flamboyance and announcements about attribution at the drop of a hat — to provide a restrained account and eat crow in public.
But he will be able to draw the curtain on this episode only after he comes out in the open and tells world+dog when his firm was breached, accepts responsibility — no matter what software was used to breach FireEye's defences, the security firm is supposed to be the guardian, not the exploited — and apologises to all and sundry.
The CEO generally takes the rap when things go bad at a company. Mandia would do well to bear that in mind – and also the thought that there are likely to be several other well-qualified techies waiting in the wings, and salivating at the thought of heading FireEye themselves.