sb-as logo
Story image

"Victory for the good guys" - criminal behind Mandiant hack arrested

06 Nov 2017

FireEye has caught the hacker behind a well-publicised attack that leaked a security researcher’s details and claimed to infiltrate the company’s networks earlier this year.

Mandiant employee Adi Peretz was the attack’s main victim as a number of his online accounts were exposed. Mandiant is a division of FireEye.

The alleged hacker, who went by the username of LeakTheAnalyst, has now been arrested according to reports, although their name and location have not been made public.

 “These attackers rarely, if ever get caught…Over my career, I have found it frustrating how little risk or repercussions exist for the attackers, who hide behind the anonymity of the internet to cause harm to good, well-intentioned people,” Mandia says in a statement.

In addition to OneDrive accounts and PayPal invoices, Peretz’s LinkedIn login was compromised and his page was allegedly defaced by the hacker. The hacker also claimed to have gained access to Mandiant’s systems and customer data.

It was fun to be inside a giant company named 'Mandiant' we enjoyed watching how they try to protect their clients and how their dumb analysts are trying to reverse engineer malwares and stuffs. Now that 'Mandiant' knows how deep we breached into its infrastructure its so-called threat analysts are trying to block us. Let's see how successful they are going to be :D,” the hackers’ say as part of their data dump,” a post on PasteBin said.

Two weeks later, the hacker posted another batch of information apparently from the data dump. They also claimed that FireEye was conducting a coverup.

“Well we were waiting FireEye for a public comment and FireEye lied again, and they lied in cost of their customers. They did a mistake. They knew we had access to JIRA, Their IDF workshop wasn't a part of Adi Peretz's job. They knew Adi Peretz wasn't working on Bank Hapoalim," The PasteBin dump says.

"They said our documents was "public", are license files, private contract documents, private IDF workshops and internal network topologies public? If they weren't public why did you removed our files and from public file hosting? Why did you removed our first Pastebin message? They knew the truth and they're hiding it from their customers and the public,” it continues.

 “Therefore, I am pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys,” Mandia concludes.

Want to see how the story unfolded? Read our initial coverage: Mandiant security researcher stung by hackers - parent co FireEye denies entire network breach    And our followup story, FireEye data leaks continue - or are the hackers just trolling?

Story image
New solution shines light on Dark Web credential trading
The Kaseya-owned Spanning Cloud Apps has released software that monitors the Dark Web for compromised Office 365 credentials.More
Story image
Forcepoint unveils impressive channel recruits across APAC and ANZ
Cybersecurity firm Forcepoint has named four new key appointments to its leadership team as it looks to strengthen its channel, strategy and sales lineup across the Asia Pacific and Australian New Zealand regions.More
Story image
Employee errors 'the most significant threat to personal data' - report
According to a report released today by nCipher Security, employees actions and mistakes are increasingly being recorded as one of the most significant risks to an organisation’s security posture.More
Story image
Interview: RSA explains security in the epoch of IT disruption
We discussed cybersecurity in terms of how it fits into business continuity, as well as the threat landscape, and what RSA is currently doing to assist businesses that need protection.More
Story image
Attivo Networks bolsters Google Cloud’s Managed Service for Microsoft Active Directory
“By detecting unsanctioned access to AD, security teams receive alerts early in the attack lifecycle, and the attacker is less likely to get the critical AD information they were seeking."More
Story image
Interview: Ping Identity exec on why security system updates are critical during COVID-19
Techday spoke with Ping Identity country manager for A/NZ and Japan, Ashley Diffey, on how zero-trust is favourable over perimeter-based security, and what the changes in work mean for businesses in a post-COVID-19 world.More