Written byChris Bing
A hacker claiming to have compromised cybersecurity firm Mandiant published a trove of leaked emails Sunday apparently connected to a single employee’s personal computer.
While the attacker boasted of breaking into the company’s corporate network, the available evidence only suggests that a personal computer, which stored some work documents, was hacked.
“It was fun to be inside a giant company named ‘Mandiant’ we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malwares and stuffs,” the hacker’s message reads. “Now that ‘Mandiant’ knows how deep we breached into its infrastructure its so-called threat analysts are trying to block us. Let’s see how successful they are going to be :D.”
In a statement provided to CyberScoop, a spokesperson for Mandiant’s parent company FireEye said: “We are aware of reports that a Mandiant employee’s social media accounts were compromised. We immediately began investigating this situation, and took steps to limit further exposure. Our investigation continues, but thus far we have found no evidence FireEye or Mandiant systems were compromised.”
— Ido Naor (@IdoNaor1) July 31, 2017
The results of the hack were posted in part on PasteBin, a website where users can store plain text posts. The post showed the affected Mandiant researcher’s name and also provided some details about the hacker’s alleged access to other confidential systems and information. It appears as if the Mandiant researcher’s personal LinkedIn account was in fact compromised, as the content of his profile was changed.
Based on the hacker’s message, another post could soon follow, although Mandiant’s early analysis reportedly showed that the attacker did not hack into the individual’s actual work email or accessed any corporate systems. Mandiant says a forensic analysis is ongoing.
By accounts, a reputation hack only. So far limited to a single person's home box. Lack of additional suggests good backstopping by Mandiant https://t.co/u1byjjSpTb
— Brian Baskin (@bbaskin) July 31, 2017
In one case, the leaked emails do show a single password for Jira, an internal ticketing platform that is often used by analysts to organize their workflow. It’s not uncommon for ticketing systems to carry and transport login credentials and other sensitive user information. As such, if the attacker was somehow able to leverage this password than it could have helped them potentially hack into other targets.
“This leak was just a glimpse of how deep we breached into Mandiant, we might publish more critical data in the future,” the hacker wrote.
The incident was described by the author as part of a larger initiative called the “#LeakTheAnalyst operation,” which is supposedly focused on humiliating cybersecurity analysts and other professionals currently working in the field.
This is not the first time that a group of so-called “black hat” hackers decided to rebel against their “white hat” counterparts, who track down cybercriminals. In 2009, a group of hackers known as “Zero for Owned” also similarly targeted several prominent cybersecurity luminaries, such as Kevin Mitnick and Jeff Moss, by defacing some of their personal websites.