Multiple reports have it that a set of systems operated by Adi Peretz, a Senior Threat Intelligence Analyst at at Mandiant, a subsidiary of cybersecurity firm FireEye, was apparently compromised by hackers, exposing sensitive data.
The hackers hinted at the possibility of exposing more data in the future.
“It was fun to be inside a giant company named ‘Mandiant’ we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malwares and stuffs. Now that ‘Mandiant’ knows how deep we breached into its infrastructure its so-called threat analysts are trying to block us. Let’s see how successful they are going to be :D,” the hackers posted on Pastebin.
FireEye responded to the claims of a breach with a Twitter post on Monday in which they claimed they were aware of the breach, which was limited to the social media accounts of the analyst. They said there was no evidence that FireEye or Mandiant systems were compromised.
“We are aware of reports that a Mandiant employee’s social media accounts were compromised. We immediately began investigating this situation and took steps to limit further exposure. Our investigation continues, but thus far we have found no evidence FireEye or Mandiant systems were compromised.”
The hackers also stated the main aim of the breach was the thrill of bypassing the safeguards put in place by the cybersecurity firm:
“Nobody understands the amount of dedication it takes to break into a highly secured network, to bypass every state of the art security measure installed to make a targeted network unbreakable, to code and hack not for the money but for the pleasure of being somewhere no one can be in, to be addicted to pain.
From time to time there is a know-it-all security professional tries to read your sick mind and blow your breach plan up to hell.
For a long time we – the 31337 hackers – tried to avoid these fancy ass “Analysts” whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say fuck the consequence let’s track them on Facebook, Linked-in, Tweeter, etc. let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).”