Has Mandiant been hacked? Cybercriminals leak files and claim 'client data' hijacked

A Mandiant employee was hacked, but the firm doesn't believe there has been a widespread breach. (Photo: Markus Spiske/Unsplash)

Hackers claim to have infiltrated the computer networks of US cybersecurity giant Mandiant as part of a new campaign dubbed "Leak the Analyst". On Monday (31 July), hackers leaked a small batch of documents and files reportedly stolen from senior threat researcher Adi Peretz.

The campaign is billed as a protest against legitimate security researchers, with the culprits asking other hackers to "trash the reputation" of analysts working for established cyber companies by breaking into their social media profiles, online accounts or workplace computers.

On PasteBin, the hackers claimed that the initial breach took place last year and said that some "client data" had been compromised. However, there is no evidence yet which backs up those assertions.


The leaked files included batches of alleged social media contacts and personal Mandiant documents, with the majority focused on Peretz's LinkedIn profile.

Experts have said there is no indication, at least at the time of writing, that the alleged breach is wider in scope than the single employee's social accounts.

Leaked file names included: Billing, Credentials, Email, Geo, LinkedIn, Live and OneDrive. At a glance, they contained nothing damaging to the firm. The researcher's LinkedIn profile was defaced and their profile picture altered.

A spokesperson for Mandiant's parent company, FireEye, told IBTimes UK: "We are aware of reports that a Mandiant employee's social media accounts were compromised.

"We immediately began investigating this situation, and took steps to limit further exposure. Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised."

On PasteBin, the hackers wrote: "This leak was just a glimpse of how deep we breached into Mandiant, we might publish more critical data in the future. So DO NOT F*** WITH US!"

The post also thanked two known hacking groups with alleged Russian links, APT28 and The Shadow Brokers.


"Beginners luck"

Referencing the leak, Ido Naor, a researcher at cybersecurity giant Kaspersky Lab, tweeted: "Only one workstation seems to be infected during #LeakTheAnalyst. Dump does not show any damage to core assets of Mandiant. The 'operation' [...] is probably just a beginners luck."

Mandiant is well-regarded for its cybersecurity and digital forensics work, and was purchased by US company FireEye back in 2014 for roughly $1bn. Both firms investigate large-scale hacks and breaches, and are known across the industry for researching nation-state software.

The hackers claimed that legitimate security researchers had complicated criminal activity. The statement said: "For a long time we - the 31337 hackers - tried to avoid these fancy ass 'analysts' whom trying to trace our attack footprints back to us and prove they are better than us.

"From time to time there is a know-it-all security professional tries to read your sick mind and blow your breach plan up to hell. In the #LeakTheAnalyst operation we say f*** the consequence let's track them on Facebook, Linkedin, Tweeter, etc. let's go after everything they've got."

News of the alleged leak came just after the conclusion of BlackHat and Defcon, two massive cybersecurity conferences hosted in Las Vegas.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.