A threat analyst at the cybersecurity firm Mandiant has been hacked and the attackers are claiming to have lurked on his computer for a year, collecting his login credentials for various sites and tracking his location.
The hackers obtained internal data about the clients protected by Mandiant and its parent company FireEye, including the Israeli Defence Forces. Mandiant confirmed the data breach.
“We are aware of reports that a Mandiant employee’s social media accounts and personal laptop have been compromised. We are investigating this situation, and have taken steps to limit further exposure,” a FireEye spokesperson told Gizmodo. “While our investigation is ongoing, there is currently no evidence that FireEye or Mandiant corporate systems have been compromised. Our top priority is ensuring that our customer data is secure. To date, we have confirmed the exposure of business documents related to two separate customers in Israel, and have addressed this situation with those customers directly.” The spokesperson added that the investigation is ongoing.
The Mandiant employee, Adi Peretz, appears to have been targeted because of his work—a post apparently written by the hackers mentions that Peretz may have disrupted one of their breach plans:
For a long time we - the 31337 hackers - tried to avoid these fancy ass “Analysts” whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say fuck the consequence let’s track them on Facebook, Linked-in, Tweeter, etc. let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).
Although it’s easy to laugh at someone's LinkedIn page being defaced with a picture of hairy buttocks, the hack just goes to show that even security professionals can be vulnerable. Industry professionals are probably taking some time today for a security checkup, and you should, too. [The Next Web]