FireEye
Pioneering threat-intelligence firm founded by Ashar Aziz; merged into Trellix after 2021 STG acquisition.
Last refreshed: 8 May 2026 · Appears in 1 active topic
Does the Trellix breach mean FireEye's two decades of detection research is now in criminal hands?
Timeline for FireEye
Trellix discloses 21-day-old breach of source-code repository
Cybersecurity: Threats and Defences- What happened to FireEye?
- FireEye's products business was acquired by STG in 2021, then merged with McAfee Enterprise to form Trellix in January 2022. The Mandiant services division was sold separately to Google in 2022.
- Is Mandiant the same as FireEye?
- Mandiant was FireEye's incident-response and threat-intelligence services division. When STG acquired FireEye in 2021, it separated the products and services businesses. Mandiant was sold to Google in 2022 and now operates as Google Threat Intelligence Group.
- How was FireEye involved in the SolarWinds hack discovery?
- FireEye's Mandiant division discovered the SolarWinds Orion supply-chain compromise in December 2020 when investigating its own breach, notifying the US government and triggering one of the largest cyber investigations in history. Mandiant's disclosure made the SolarWinds attack public.Source: Mandiant / FireEye
- Was FireEye's legacy code exposed in the 2026 Trellix source-code breach?
- Yes. RansomHouse accessed Trellix's repository in April 2026. FireEye's detection logic, signature databases, and proprietary analytics form part of the Trellix codebase that was breached, meaning FireEye intellectual property built over two decades was among the exposed material.Source: Trellix
- What is the difference between FireEye, Mandiant, and Trellix now?
- FireEye's products business became Trellix (via an STG merger with McAfee Enterprise) in 2022. The Mandiant services division was sold to Google in 2022 and operates as Google Threat Intelligence Group. Neither the FireEye nor Mandiant brands exist independently; both are absorbed into their respective acquirers.
Background
FireEye was founded in 2004 by Ashar Aziz, a former Sun Microsystems engineer, and grew into one of the most influential threat-intelligence and incident-response firms in cybersecurity. It went public on Nasdaq in 2013 and became globally recognised for high-profile nation-state attribution work, including the 2014 Sony Pictures hack (attributed to North Korea) and extensive reporting on Chinese APT groups. FireEye's Mandiant division, which ran major breach investigations including the 2020 SolarWinds compromise, became synonymous with forensic depth.
In 2021, private equity firm Symphony Technology Group (STG) acquired FireEye's products business for $1.2 billion, separating it from the Mandiant services division. Mandiant was subsequently sold to Google in 2022 for approximately $5.4 billion and now operates as Google Threat Intelligence Group. STG merged the FireEye products business with McAfee Enterprise in January 2022 to create Trellix.
FireEye's legacy is present in the Trellix codebase accessed by RansomHouse in April 2026. The detection logic, signature databases, and proprietary analytics that FireEye built over two decades form part of what was exposed.