Hackers Steal Data From Security Researcher

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDNet and other leading publications.

Hacker group 31337 Hackers says it is carrying out a broad campaign targeting the security analysts who help track down cyber-criminals

Hackers have leaked data apparently obtained from a security analyst as part of what they called a broader campaign against the firms that investigate cyberattacks.

A group calling itself 31337 Hackers published data on a researcher at Mandiant, a unit of California-based FireEye that focuses on breach investigations, and whose clients include large organisations and governments.

Researcher targeted

The data, contained in links published on Pastebin on Monday night, included screenshots of the researcher’s desktop computer and files indicating the hackers may have accessed the individual’s accounts including Hotmail, OneDrive and LinkedIn.

Files related to the researcher’s work were included in the leaked archives and as of Monday night the person’s LinkedIn account had also been defaced.

31337 Hackers, whose name includes the word ‘ELEET’ spelled out in numbers, said in a message accompanying the files that the “#LeakTheAnalyst operation” is aimed at tarnishing the good name of people who help track cyber-criminals.

“Let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field,” they said in the message.

The attackers claimed to have “breached (Mandiant’s) infrastructure” and obtained client data, but FireEye said no breach had occurred.

‘No breach’ involved

“We are aware of reports that a Mandiant employee’s social media accounts were compromised,” FireEye said in a statement. “We immediately began investigating this situation and took steps to limit further exposure. Our investigation continues, but thus far, we have found no evidence FireEye or Mandiant systems were compromised.”

Researcher Hanan Natan and Kaspersky Lab’s Ido Naor both said they doubted Mandiant’s internal systems had been compromised.

“Only one workstation seems to be infected,” Naor wrote on Twitter. “(The) dump does not show any damage to core assets of Mandiant.”

FireEye acquired Mandiant in 2013 for more than $1 billion (£760m).
