FireEye's Mandiant 'victim of cyberattack'
FireEye says it is investigating the claims but has not found any evidence of a breach 'thus far'
FireEye's Mandiant consultancy firm appears to be the victim of a cyberattack after a note purporting to be from the hacker spread on social media.
At the same time a FireEye analyst's LinkedIn appeared to have also been hacked, with the perpetrator posting numerous expletive-laden messages.
The employee's bio was changed to state: "I've been hacked, all my data, all your chats, all my contacts, your numbers, your emails along with my credentials have been leaked.
"My devices are also nuked [sic]."
At the same time Twitter users began sharing a link to a document that appeared to show details of the attack - claiming the hacker first gained access to Mandiant in 2016.
The document contained a link and password to a file which it claimed contains details of the information obtained from the hack - as well as a link to the hacked employee's LinkedIn page. The LinkedIn profile has since been taken down.
The document contained the hashtag '#Leaktheanalyst', which has since been used by numerous Twitter users speculating on the incident.
After naming the analyst as the first victim of the attack, the report goes on to list "potential" targets, including the Israeli Prime Minister's office, LinkedIn contacts and third-party contractors.
"Mandiant Internal networks and its clients data has been compromised (might be leaked separately)," it added.
A FireEye spokesperson told CRN: "We are aware of reports that a Mandiant employee's social media accounts were compromised.
"We immediately began investigating this situation and took steps to limit further exposure. Our investigation continues, but thus far we have found no evidence FireEye or Mandiant systems were compromised."
The vendor is scheduled to release its quarterly results tomorrow.
Carl Gottlieb, founder of cybersecurity consultancy Cognition, said that a number of professionals in the security industry are guilty of not practising what they preach.
"We all expect leading security companies to have the best defences, but in reality it's the old adage of 'the cobbler's children have no shoes'," he said.
"It's well known in the information security industry that many of its leading experts have weak operational security themselves.
"In this case I'm hoping that attack was an isolated incident but the big concern for Mandiant, beyond the PR headache, will be what sensitive client data may have been breached."
Call to arms
Expanding on their motives, the hacker went on a rant claiming their actions are not financially driven.
"For a long time we - the 31337 hackers - tried to avoid these fancy a** "analysts" whom trying [sic] to trace our attack footprints back to us and prove they are better than us.
"In the #LeakTheAnalyst operation we say f**k the consequence let's track them on Facebook, LinkedIn, Tweeter [sic], etc.
"Let's go after everything they've got, let's go after their countries, let's trash their reputation in the field. If during your stealth operation you pwned [sic] an analyst, target him and leak his personal and professional data, as a side job of course ;)."