Pro-Iranian hackers are targeting sites in the Middle East and starting to stretch into the United States during the war.

The CEO of FireEye Kevin Mandia gives a tour of the cybersecurity company's unused office space in Reston, Va., Tuesday, March 9, 2021. The CEO of a prominent cybersecurity firm says it now seems clear China also unleashed an indiscriminate, automated second wave of hacking that opened the way for ransomware and other cyberattacks. The second wave, which began Feb. 26, is highly uncharacteristic of Beijing's elite cyber spies and far exceeds the norms of espionage, said Kevin Mandia of FireEye. In its massive scale it diverges radically from the highly targeted nature of the original hack, which was detected in January. Neither the White House nor the Department of Homeland Security offered comment on whether they attribute the second wave to China.

FireEye CEO Kevin Mandia, SolarWinds CEO Sudhakar Ramakrishna and Microsoft President Brad Smith testify during a Senate Intelligence Committee hearing on Capitol Hill on Tuesday, Feb. 23, 2021 in Washington. In the first congressional hearing on the breach, representatives of technology companies involved in the response described a hack of almost breathtaking precision, ambition and scope. “We haven’t seen this kind of sophistication matched with this kind of scale,” Microsoft President Brad Smith told the Senate Intelligence Committee. U.S. national security officials have also said Russia was likely responsible for the breach, and President Joe Biden's administration is weighing punitive measures against Russia for the hack as well as other activities. Officials have said the motive for the hack, which was discovered by private security company FireEye in December, appeared to be to gather intelligence.

The threat apparently came from the same cyberespionage campaign that has afflicted FireEye, foreign governments and major corporations, and the FBI was investigating. FireEye’s customers include federal, state and local governments and top global corporations. Cybersecurity experts said last week that they considered Russian state hackers to be the main suspect in the FireEye hack. Federal government agencies have long been attractive targets for foreign hackers. “I suspect that there’s a number of other (federal) agencies we’re going to hear from this week that have also been hit,” Williams added.

The U.S. believes North Korea and Russia capitalized on the stolen tools to unleash devastating global cyberattacks. The nation’s Cybersecurity and Infrastructure Security Agency warned that “unauthorized third-party users” could similarly abuse FireEye’s stolen red-team tools. FireEye has been at the forefront of investigating state-backed hacking groups, including Russian groups trying to break into state and local governments in the U.S. that administer elections. Its threat hunters also have helped social media companies including Facebook identify malicious actors. FireEye said it is investigating the attack in coordination with the FBI and partners including Microsoft, which has its own cybersecurity team.