This morning, hackers calling themselves “the 31337 hackers” dumped information from top cyber security firm Mandiant, which was acquired by FireEye for $1 billion, as part of an operation called ‘Leak The Analyst’. A researcher named Adi Peretz was targeted and his social media accounts were also hacked.
His profile picture on LinkedIn was changed to that of a person’s naked buttocks. The dump contained, among other things, the agenda for a FireEye-Israel Defense Forces cyber security workshop on June 13-14.
The hackers mocked the cyber security professional for using Windows OS and thanked Cisco WebEx and Microsoft Windows, probably mocking their weak security. It is worth noting that WebEx recently had a remote code execution (RCE) vulnerability.
The leaks supposedly contain the geo-locations of the victim, FireEye worksheets, network topology drawings from FireEye’s Core Analysis Lab and a LinkedIn contact dump in JSON format. The hackers claimed that Mandiant’s internal networks and its clients’ data have been compromised and might be leaked separately. They added that credentials (Mandiant-FireEye Docs, Mandiant-FireEye WebEx, Mandiant-FireEye JIRA, staff emails, Amazon account, LinkedIn account, etc.) might also be leaked by them later.
The dump is available here. Among other things, the dump contained ApateDNS, a tool for controlling DNS responses. Given that the tool is freely available, it raises questions regarding the credibility of the dump. Why would a tool that is freely available be leaked? Is it to dupe journalists into believing the dump is of more significance than it is?
A FireEye spokesperson had this to say about the incident: “We are aware of reports that a Mandiant employee’s social media accounts were compromised. We immediately began investigating this situation, and took steps to limit further exposure. Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised.”
Aveek Sen is an independent journalist working on cyber security and the geopolitics of India’s neighbourhood, focusing on Pakistan, Afghanistan, Iran and Bangladesh.
He tweets @aveeksen