LockBit claims Mandiant data will be published, Mandiant says no evidence of theft


A major ransomware gang claimed today it has data from Google subsidiary Mandiant, one of the biggest names in threat intelligence and incident response.

According to several news sites, the LockBit gang’s data leak site now lists Mandiant.com as one of its victims, along with the notice “All available data will be published.”

Mandiant quickly responded to reporters’ requests for comment by issuing this statement: “Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops.”

Coincidentally, the LockBit statement comes as one of the world’s biggest cybersecurity meetings, RSA Conference, opens in San Francisco.

It also comes four days after Mandiant said there’s evidence a threat group it names UNC2165 has moved away from using the Hades ransomware strain in favour of LockBit. This, the report argues, is because the U.S. has sanctioned the gang known as Evil Corp. UNC2165 seems to be an Evil Corp affiliate, Mandiant says, so the shift in ransomware strain could be an attempt to distance the gang from the sanctioned entity.

Originally an independent company, Mandiant was bought by FireEye for US$1 billion in December, 2013. After FireEye was acquired by Symphony Technology Group for US$1.2 billion in June 2021, Google bought Mandiant for US$5.4 billion, with the goal of integrating it into its Google Cloud division.

Brett Callow, a threat analyst at Emsisoft, warned against accepting the LockBit claim at face value. “LockBit has made bogus claims in the past, and I suspect this is another of them. In fact, it may well be nothing more than a troll in response to Mandiant’s recent report claiming that Evil Corp was using LockBit’s affiliate program in an attempt to evade [U.S.] sanctions. The fact that LockBit timed the announcement to coincide with the start of RSAC could also point to it being a troll designed to cause embarrassment.”

Chris Olson, CEO of The Media Trust, a mobile app and website security provider, agreed. “With Mandiant claiming ‘we do not have any evidence’ to support LockBit’s claim, this is a developing story which we should take with a grain of salt. In the past, LockBit has posted names on its website only to drop them without explanation – it has also stolen data from organizations through a third-party vendor while falsely claiming to have breached its victims directly. Until more information emerges, the Mandiant story may go in either of those directions.

“LockBit acts on a ransomware-as-a-service (RaaS) model, meaning the actors who may have initiated this breach cannot be directly identified. This could be a useful tactic for the enemies Mandiant has acquired since it first began operating at the frontlines of global cyberwarfare. In 2013, it implicated Chinese actors in cyber espionage – in 2020, it helped investigate Russian groups responsible for the SolarWinds hack. More recently, it has been tracking the Russia-based cybercriminal group ‘Evil Corp’, which has begun working with LockBit to evade U.S. sanctions. For now, we don’t know if LockBit’s claims are true. But if they are, they could have serious implications for cybersecurity research firms who are increasingly ending up in the crosshairs of global cyber actors.”

The post LockBit claims Mandiant data will be published, Mandiant says no evidence of theft first appeared on IT World Canada.

Howard Solomon
https://www.itworldcanada.com
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
