SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Mandiant security researcher stung by hackers - parent co FireEye denies entire network breach
Wed, 2nd Aug 2017
FYI, this story is more than a year old

It seems that not even security experts are immune to hacks, after reports surfaced this week that one unlucky researcher was hit by hackers.

Adi Peretz, an employee at US-based Mandiant, a division of global security firm FireEye, was the victim of a hack that saw a number of his online accounts exposed.

The breach targeted the researcher's credentials, LinkedIn profile, live account and PayPal invoices, according to the hackers.

Other reports said that hackers had targeted the researcher's LinkedIn profile and ‘defaced' it. The profile is no longer online.

The hackers posted details on PasteBin as part of a data dump, saying that they had breached not only the company's internal systems, but customer data too.

“It was fun to be inside a giant company named 'Mandiant' we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malwares and stuffs. Now that 'Mandiant' knows how deep we breached into its infrastructure its so-called threat analysts are trying to block us. Let's see how successful they are going to be :D,” the hackers' say as part of their data dump."

The hackers claim they also got access to the researcher's geolocation, top secred documents, complete business and personal emails, FireEye licences, network topology drawings and more.

“Mandiant Internal networks and its clients data has been compromised (might be leaked separately),” the hackers say.

However, Mandiant and other researchers say that's not the case and there was no company breach at all.

“We are aware of reports that a Mandiant employee's social media accounts were compromised. We immediately began investigating this situation, and took steps to limit further exposure. Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised,” a statement from Mandiant says.

Kaspersky researcher Ido Naor posted on Twitter that the breach did not spread to all of Mandiant's systems.

 “For a long time we - the 31337 hackers - tried to avoid these fancy ass "Analysts" whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say f*** the consequence let's track them on Facebook, Linked-in, Tweeter, etc. let's go after everything they've got, let's go after their countries, let's trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;),” the hackers' conclude.