A well-known ransomware organization said that it had successfully hacked the cybersecurity company Mandiant and intends to publish the stolen data. On Monday afternoon, an official Mandiant spokesperson said that the company is aware of the accusations but has no proof of an actual compromise.
Mandiant is one of the biggest names in the multibillion-dollar cybersecurity market. Google announced in March that it will purchase Mandiant for nearly $5.8 billion, making it a component of Google Cloud.
Later on Monday night, Mandiant released a statement saying that there are no signs that Mandiant data has been compromised, and that the actor instead seems to be attempting to discredit Mandiant’s research blog on UNC2165 and LockBit.
According to an investigation published by Mandiant on June 2, a long-running cybercrime gang that was sanctioned by the US government in 2019 is using LockBit 2.0 off-the-shelf ransomware to avoid sanctions. Mandiant refers to these organizations together as UNC2165.
In a message posted to LockBit 2.0’s website, Mandiant was dubbed “not professional” and criticized for its latest findings regarding a cybercrime organization. In its note, the gang denied any relation to Evil Corp and described itself as real underground dark net hackers with no affiliation with politics or special services like the FSB, FBI, and other government agencies.
Emsisoft threat analyst Brett Callow says the organization behind LockBit has made a lot of bogus statements in the past, and the latest announcement is not the only one. A number of cybersecurity experts in the ransomware research field suggest that LockBit’s assertions may have no validity at all. Spokesperson Mark Karayan, Mandiant’s Senior Manager for Marketing Communications, claimed that the company has not yet identified proof of a compromise that would support the assertions made by LockBit.
Since being discovered as ABCD ransomware in September 2019, the LockBit 2.0 ransomware-as-a-service variant has claimed thousands of victims worldwide.
LockBit has previously attacked the Bulgarian Refugee Agency, the French Ministry of Justice, and Accenture with the LockBit 2.0 version of its ransomware, and failed to acquire $50 million from the organization. In 2020, an attack on FireEye, the former parent company of Mandiant, revealed the beginnings of the so-called SolarWinds breach, which later spread to include victims among government agencies and key technology businesses.