According to reports last week, a group of hackers claimed that they had accessed sensitive information from employees of Mandiant, a security consultation service by FireEye, under the #LeakTheAnalyst operation.
Mandiant had denied any breach or attack when the news of the breach was aired. Now the company has provided an update on the same incident following its investigation into the allegations made by the hackers on July 31st. According to the blog post published by FireEye, there was no breach of the company network or of Adi Peretz’s personal or corporate computers, in spite of several attempts. The login credentials for Adi Peretz’s social media accounts and emails had already been exposed earlier in some third-party breaches, which include LinkedIn. According to the company, the three documents released by the hackers were already available online or are screen captures created by the attacker.

Below is the full preview of the blog post by FireEye:

I wanted to provide you an update on our investigation into allegations made earlier this week that FireEye had been breached. As background, on July 31, 2017, an anonymous individual (Attacker) claimed he had breached our corporate network. After six days of intensive investigation, we would like to provide our preliminary conclusions.

- The Attacker did not breach, compromise or access our corporate network, despite multiple failed attempts to do so.
- The Attacker did not breach, compromise or access the Victim’s personal or corporate computers, laptops or other devices.
- We confirmed the Victim’s passwords and/or credentials to his personal social media and email accounts were among those exposed in at least eight publicly disclosed third party breaches (including LinkedIn) dating back to 2016 and earlier.
- Starting in September 2016, the Attacker used those stolen passwords and/or credentials to access several of the Victim’s personal online accounts, including LinkedIn, Hotmail and OneDrive accounts.
- The Attacker publicly released three FireEye corporate documents, which he obtained from the Victim’s personal online accounts.
- All of the other documents released by the Attacker were previously publicly available or were screen captures created by the Attacker.
- A number of the screen captures created by the Attacker and posted online are misleading, and seem intentionally so. They falsely implied successful access to our corporate network, despite the fact that we identified only failed login attempts from the Attacker.
- We contacted the two identified customers as soon as we learned of this incident and have kept them apprised of the situation throughout the week.
- We immediately contained the Victim’s systems.
- We collected and reviewed forensic data from the Victim’s systems.
- We disabled the Victim’s FireEye corporate accounts.
- We worked with the Victim to regain control of his personal online accounts.
- We worked with the Victim to secure his personal online accounts, including implementing multi-factor authentication where possible.
- We communicated to all FireEye employees, both verbally and in writing, a reminder to be vigilant and provided detailed steps to best secure their personal accounts.
- We worked with the Victim and his online third party service providers to obtain any available log data that could assist our investigation.
- We reviewed all data sent to and from FireEye email to the Victim’s online accounts.
- We reviewed authentication and access activity on the Victim’s corporate, single sign-on (SSO), multifactor, and third-party accounts.