FireEye Dismisses Compromise Claims over #LeakTheAnalyst Operation


FireEye has refuted claims that its systems were compromised, after an employee’s social media accounts were defaced.

In a statement, a FireEye spokesperson said: “We are aware of reports that a Mandiant employee’s social media accounts were compromised. We immediately began investigating this situation, and took steps to limit further exposure. Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised.”

As featured by The Next Web, the LinkedIn profile of Mandiant analyst ‘Adi Peretz’ was hacked and defaced. The profile has since been taken down.

An email purporting to be from Peretz was sent to media early on Monday morning from an Israeli Hotmail account. It claimed to have a “major business critical data leak from FireEye and Mandiant by hacking into their Senior Threat Intelligence Analyst, Mr. Adi Peretz”. It claimed that the leak includes information about personal credentials, contractor details, top secret domains and business emails, and was published ‘under underground operation #LeakTheAnalyst.’

A Pastebin document (https://pastebin.com/6HugrWH4) claimed that initial access was achieved in 2016, with final access in 2017 to Mandiant, its parent FireEye, and ‘high profile personnel’.

It claimed that the breach included: Mandiant internal networks and client data; credentials; full access over a LinkedIn profile; full access over a victim’s private Windows machine and OneDrive; as well as FireEye licenses and ‘favorite password patterns’.

A statement read: “Nobody understands the amount of dedication it takes to break into a highly secured network, to bypass every state of the art security measure installed to make a targeted network unbreakable, to code and hack not for the money but for the pleasure of being somewhere no one can be in, to be addicted to pain.”

Special thanks were given to APT1, APT29 and APT32, all of which were detailed by Mandiant and FireEye.

The statement concluded by claiming that the ‘leet’ hackers tried to avoid analysts “whom trying to trace our attack footprints back to us and prove they are better than us”, and the point of the #LeakTheAnalyst operation was to track the analysts on social media and “trash their reputation in the field”.

FireEye acquired Mandiant for $1 billion at the end of 2013.
