Am I missing something?
I know it's late and perhaps I misunderstood some things in this article but...
" the insurer drafted in experts from FireEye Mandiant in October that year [2014] to shore up its network. Mandiant's eggheads discovered the well-hidden intrusion months later in January 2015 before subsequently identifying 35 infected computers.
And this:
"That 35th computer allegedly contained evidence proving that the hackers used customized malware to download sensitive data. This system was apparently marked as an “end-of-life” asset in 2016 by Premera’s IT team and destroyed."
Am I understanding correctly that Mandiant knew about an intrusion in January of 2015 and an entire year passed without Mandiant making a forensic image of this so-called "developer" computer but does have forensic images of all the others?
Isn't this the same Mandiant FireEye that was "protecting" Equifax?
https://www.theregister.co.uk/2017/09/11/equifax_incident_response_omnishambles/
I'm seeing a pattern here.