An individual or group that goes by the name “31337” has reportedly stolen information from an analyst at Mandiant, a subsidiary of FireEye. FireEye has since released two statements on the suspected breach.
The first statement released by FireEye appears to admit that there was some breach: “Thus far, it appears at least two customers were impacted, and we have addressed this situation with each customer directly,” the statement says. “The documents exposed were labelled with these customer names, but did not contain any customer confidential information.”
However, the latest statement released by FireEye, that it has “so far found no evidence that [Mandiant’s] corporate network was compromised or that the employee’s personal systems were compromised,” seems to contradict the first statement.
A post on Pastebin, which has been deleted, reportedly titled: “Mandiant Leak: Op. #LeakTheAnalyst,” included the following message from the culprit.
“For a long time we — the 31337 hackers — tried to avoid these fancy ass ‘analysts’ [who are] trying to trace our attack footprints back to us and prove they are better than us,”
“In the #LeakTheAnalyst operation we say **** the consequence let’s track them on Facebook, Linked-in, Tweeter, etc. let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course.”
“This leak was just a glimpse of how deep we breached into Mandiant, we might publish more critical data in the future,”
The message seems to imply that the attack was just the first in a string of targeted attacks intended to ruin the reputation of any analyst whose work may have ended a malicious campaign. This attack differs from many recent attacks in that it doesn’t seem to be financially motivated; it feels almost personal. However, many analysts don’t believe the attacker will follow through with the threat, and they almost seem to taunt the attacker by saying the attack was likely just beginner’s luck.
Deception is a popular tactic used by hackers. The hacker or hackers could be misleading us all by pretending that the purpose of the attack was just to target the researcher while in fact they had some ulterior motive, especially given that the 2 reported victims of the Mandiant breach are the Israeli prime minister’s office and Israel’s Hapoalim Bank. That is purely speculation at this point, but it will be interesting to see how the victims of the attack were affected. It is an ongoing investigation, with more information likely to surface in the near future.