Sign Up
All SecurityCyber-crimePatchesResearchCSO
All Off-PremEdge + IoTChannelPaaS + IaaSSaaS
All On-PremSystemsStorageNetworksHPCPersonal TechCxOPublic Sector
All SoftwareAI + MLApplicationsDatabasesDevOpsOSesVirtualization
All OffbeatDebatesColumnistsScienceGeek's GuideBOFHLegalBootnotesSite NewsAbout Us

Security

PasteBin data dump: Hackers claim files are from Mandiant FireEye 'breach'

Security analysts: None of our systems were pwned

John Leyden Mon 31 Jul 2017  //  11:58 UTC

Hackers have leaked what they claim is information stolen from FireEye/Mandiant after apparently breaking into the incident response biz's network. Mandiant has denied this.

The miscreants, who branded their attack campaign "Op #LeakTheAnalyst," claimed in a preface to their PasteBin dump that they had "breached [Mandiant's] infrastructure" and alleged that Mandiant's internal networks and its clients' data had been compromised.

However, there is no hard evidence of any significant compromise. It appears Op #LeakTheAnalyst is the result of mischief-makers breaking into a Mandiant staffer's social media accounts and leaking some of the contents.

Ido Naor, a researcher at Kaspersky Lab, commented: "Only one workstation seems to be infected during ‪#leakTheAnalyst‬. Dump does not show any damage to core assets of ‪Mandiant‬."

Researcher Hanan Natan‏ agreed: "The current ‪#leakTheAnalyst‬ dump doesn't contain any [proof] that they compromised the ‪Mandiant‬ networks.‬"

In response, FireEye put out a preliminary statement blaming the whole thing on a social media leak.

We are aware of reports that a Mandiant employee's social media accounts were compromised. We immediately began investigating this situation, and took steps to limit further exposure. Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised.

®
Send us news
7 Comments

Kremlin's Sandworm blamed for cyberattacks on US, European water utilities

Water tank overflowed during one system malfunction, says Mandiant

185K people's sensitive data in the pits after ransomware raid on Cherry Health

Extent of information seized will be a concern for those affected

Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals

It’s the second time the World-Check list has fallen into the wrong hands

US House approves FISA renewal – warrantless surveillance and all

PLUS: Chinese chipmaker Nexperia attacked; A Microsoft-signed backdoor; CISA starts scanning your malware; and more

Global taxi software vendor exposes details of nearly 300K across UK and Ireland

High-profile individuals including MPs said to be caught up in leak

SharePoint logs are easily circumvented and Microsoft is dragging its heels

Now is the perfect time to review those permissions

Puppies, kittens, data at risk after 'cyber incident' at veterinary giant

IT systems pulled offline for chance to paws and reflect

Pandabuy confirms crooks nabbed data on 1.3M punters

Nothing says 'sorry' like 10 percent off shipping for a month

Ransomware gang <em>did</em> steal residents' confidential data, UK city council admits

INC Ransom emerges as a growing threat as some ex-LockBit/ALPHV affiliates get new gigs

OWASP server blunder exposes decade of resumes

Irony alerts: Open Web Application Security Project Foundation suffers lapse

Nearly 3M people hit in Harvard Pilgrim healthcare data theft

Also, TheMoon botnet back for EoL SOHO routers, Sellafield to be prosecuted for 'infosec failures', plus critical vulns

AT&amp;T admits massive 70M+ mid-March customer data dump is real though old

Still claims the personal info wasn't stolen from its systems