[5] STG combined FireEye with its acquisition of McAfee's enterprise business to launch Trellix, an extended detection and response (XDR) company.
[9] Initially, FireEye focused on developing virtual machines to download and test internet traffic before transferring it to a corporate or government network.
[16] Mandiant was a private company founded in 2004 by Kevin Mandia that provided incident response services in the event of a data security breach.
[16] Since acquiring Mandiant, FireEye has been called in to investigate high-profile attacks against Target, JP Morgan Chase, Sony Pictures, Anthem, and others.
[5] The sale split off its cyber forensics unit, Mandiant,[35] and the FireEye stock symbol FEYE was relaunched as MNDT on the NASDAQ on October 5, 2021.
[36] On January 18, 2022, STG announced the launch of Trellix, an extended detection and response company, which is a combination of FireEye and the McAfee enterprise business.
[37] In January 2025 Symphony Technology Group tapped Vishal Rao to take over as CEO of Trellix while continuing to serve as chief executive of sister company Skyhigh Security.
[6] Trellix includes the endpoint, cloud, collaboration, data and user, application, and infrastructure security capabilities of FireEye and McAfee.
[45] In July 2012, FireEye was involved in the analysis[46] of the Grum botnet's command and control servers located in the Netherlands, Panama, and Russia.
FIN4 appears to conduct intrusions that are focused on a single objective: obtaining access to insider information capable of making or breaking the stock prices of public companies.
Referred to as SYNful Knock, the implant is a stealthy modification of the router's firmware image that can be used to maintain persistence within a victim's network.
The company said that the enterprising duo uses various strategies to compromise point-of-sale systems, steal payment card information, and sell it on their underground marketplace "Vendetta World."
[56] In mid-2016, FireEye released a report on the impact of the 2015 agreement between former U.S. President Barack Obama and China's paramount leader Xi Jinping that neither government would "conduct or knowingly support cyber-enabled theft of intellectual property" for economic advantage.
[57] In 2016, FireEye announced that it had identified several versions of an ICS-focused malware – dubbed IRON GATE – crafted to manipulate a specific industrial process running within a simulated Siemens control system environment.
[59] In 2016, FireEye discovered a widespread vulnerability affecting Android devices that permits local privilege escalation to the built-in user "radio", allowing an attacker to potentially perform activities such as viewing the victim's SMS database and phone history.
[60] In 2016, FireEye provided details on FIN6, a cybercriminal group that steals payment card data for monetization from targets predominantly in the hospitality and retail sectors.
The group was observed aggressively targeting and compromising point-of-sale (POS) systems and making off with millions of payment card numbers that were later sold on an underground marketplace.
This vulnerability allows a malicious actor to download and execute a Visual Basic script containing PowerShell commands when a user opens a document containing an embedded exploit.
[69] Within a week of FireEye's breach, cyber-security firm McAfee said the stolen tools had been used in at least 19 countries, including the US, the UK, Ireland, the Netherlands, and Australia.
[72] In a January 2022 report on Fox News, Trellix CEO Bryan Palma stated that there is an increasing level of cyberwarfare threats from Russia and China.