A threat analyst at the cybersecurity firm Mandiant has been hacked and the attackers are claiming to have lurked on his computer for a year, collecting his login credentials for various sites and tracking his location.
The hackers got their hands on some internal data about the clients Mandiant and its parent company FireEye protect, including the Israeli Defence Forces. Mandiant confirmed the data breach.
“We are aware of reports that a Mandiant employee’s social media accounts and personal laptop have been compromised. We are investigating this situation, and have taken steps to limit further exposure,” a FireEye spokesperson told Gizmodo. “While our investigation is ongoing, there is currently no evidence that FireEye or Mandiant corporate systems have been compromised. Our top priority is ensuring that our customer data is secure. To date, we have confirmed the exposure of business documents related to two separate customers in Israel, and have addressed this situation with those customers directly.” The investigation is ongoing, the spokesperson added.
Mandiant’s employee, Adi Peretz, appears to have been targeted because of his work — a post apparently written by the hackers mentions that Peretz may have disrupted one of their breach plans. Here’s what they allegedly had to say:
For a long time we – the 31337 hackers – tried to avoid these fancy arse “Analysts” whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say fuck the consequence let’s track them on Facebook, Linked-in, Tweeter, etc. let’s go after everything they have got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).
Although it’s easy to laugh at a guy whose LinkedIn page got defaced with a picture of a hairy butt, the hack just goes to show that even security professionals can be vulnerable. Industry professionals are probably taking some time today for a security checkup, and you should, too.