A group of hackers operating under the #LeakTheAnalyst campaign claims to have accessed sensitive information from employees of Mandiant, a security consultation service by FireEye. Mandiant is the leader in America in helping organizations respond to and proactively protect against advanced cyber security threats. After the initial analysis, FireEye denied any major security breach and said that there is no evidence of any compromise beyond an unconfirmed breach of a single machine. The current leak does not contain any evidence pointing to the core assets of Mandiant.

The anonymous hackers claim that they have had access to Mandiant's internal networks since 2016. They posted 32 megabytes of compressed data belonging to one of Mandiant's senior threat intelligence analysts, Adi Peretz. These hackers are interested in leaking security analysts' personal data. They leaked this data as proof to the company that it has been compromised since last year and to show how deep their access into its networks goes. They have also challenged the company's security experts: 'how successful they are going to be in blocking us.'
Depth of breach
- Mandiant internal networks have been compromised
- The company's client data has been accessed and might be leaked. The client in the data archive is the Israeli Defence Force (IDF)
- Credentials such as Mandiant-FireEye docs, Web-Ex, JIRA, staff emails, Amazon accounts, LinkedIn account, etc.
- Complete access to the LinkedIn account of the victim, Adi Peretz
- Access to the victim's live account: private Windows machine, online GPS tracking, official calendar events, OneDrive, contacts and billing address
Leaked data
- Geographical location of the victim
- Top secret documents and credentials
- Password patterns
- FireEye Licenses and worksheets
- Private Contracts
- Network Topology Drawings
- LinkedIn account details
The operation is part of the #LeakTheAnalyst campaign, run by a group of hackers aiming to shut down and leak the data from security and intelligence researchers. At present, the hackers' details are not known. Mandiant may still be affected by further leaks. All researchers and security analysts are advised to strengthen their security measures, as they are being targeted by the intruders.

Disclaimer:
Secure Reading has no confirmed sources for the information shared in the above news/articles. It relies on various unconfirmed inputs, social media claims, and websites for its content, and cannot guarantee the accuracy, timeliness, and genuineness of the same. If there is any error in the news, and once it is brought up to our attention with relevant evidence, Secure Reading is willing to make necessary corrections as applicable.