LockBit claims Mandiant data will be published, Mandiant says no evidence of theft

Share post:

A major ransomware gang claimed today it has data from Google subsidiary Mandiant, one of the biggest names in threat intelligence and incident response. According to several news sites, the LockBit gang’s data leak site now lists Mandiant.com as one of its victims, along with the notice “All available data will be published.” Mandiant quickly responded to reporters’ requests for comment by issuing this statement: “Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops.” Coincidentally the LockBit statement comes as one of the world’s biggest cybersecurity meetings, RSA Conference, opens in San Francisco. It also comes four days after Mandiant said there’s evidence a threat group it names UNC2165 has moved away from using the Hades ransomware strain in favour of LockBit. This, the report argues, is because the U.S. has sanctioned the gang known as Evil Corp. UNC2165 seems to be an Evil Corp affiliate, Mandiant says, so the shift in ransomware strain could be an attempt to distance the gang from the sanctioned entity, Originally an independent company, Mandiant was bought by FireEye for US$1 billion in December, 2013. After FireEye was acquired by Symphony Technology Group for US$1.2 billion in June 2021, Google bought Mandiant for US$5.4 billion, with the goal of integrating it into its Google Cloud division. Brett Callow, a threat analyst at Emsisoft, warned against accepting the LockBit claim at face value. “LockBit has made bogus claims in the past, and I suspect this is another of them. In fact, it may well be nothing more than a troll in response to Mandiant’s recent report claiming that Evil Corp was using LockBit’s affiliate program in an attempt to evade [U.S.] sanctions. The fact that LockBit timed the announcement to coincide with the start of RSAC could also point to it being a troll designed to cause embarrassment.” Chris Olson, CEO of The Media Trust, a mobile app and website security provider agreed. “With Mandiant claiming “we do not have any evidence” to support LockBit’s claim, this is a developing story which we should take with a grain of salt. In the past, LockBit has posted names on its website only to drop them without explanation – it has also stolen data from organizations through a third-party vendor while falsely claiming to have breached its victims directly. Until more information emerges, the Mandiant story may go in either of those directions. “LockBit acts on a ransomware-as-a-service (RaaS) model, meaning the actors who may have initiated this breach cannot be directly identified. This could be a useful tactic for the enemies Mandiant has acquired since it first began operating at the frontlines of global cyberwarfare. In 2013, it implicated Chinese actors in cyber espionage – in 2020, it helped investigate Russian groups responsible for the SolarWinds hack. More recently, it has been tracking the Russia-based cybercriminal group ‘Evil Corp’, which has begun working with LockBit to evade U.S sanctions.For now, we don’t know if LockBit’s claims are true. But if they are, they could have serious implications for cybersecurity research firms who are increasingly ending up in the crosshairs of global cyber actors.” The post LockBit claims Mandiant data will be published, Mandiant says no evidence of theft first appeared on IT World Canada.
Howard Solomon
Howard Solomonhttps://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.


Related articles

Cyber Security Today, Week in Review for week ending Friday, June 21, 2024

Welcome to Cyber Security Today. This is the Week in Review edition for the week ending Friday June...

Cyber Security Today, June 21, 2024 – US to ban Kaspersky for businesses, consumers

U.S. to ban the sale of Kaspersky products to consumers and businesses. Welcome to Cyber Security Today. It's Friday...

Biden administration to ban US sales of Kaspersky software over ties to Russia

The Biden administration is set to announce a ban on the sale of Kaspersky Lab's antivirus software in...

Security bug may allow anyone to spoof Microsoft employee emails

A security researcher claims to have discovered a bug that enables anyone to impersonate Microsoft corporate email accounts,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways