Breaking into to steal tools is an interesting approach, however I think most importantly bad guys were after information on how to avoid detection by those tools or how to protect their systems against those tools. https://www-nytimes-com.cdn.ampproject.org/c/s/www.nytimes.com/2020/12/08/technology/fireeye-hacked-russians.amp.html