Mandiant analyst allegedly hacked since 2016

Quote from the article:
The bulk of the leaked data is a 337MB PST file containing the analyst’s emails.

In addition to that are images detailing the compromise of their One Drive account, Live account, LinkedIn account, geo-tracking of personal devices for at least a year, billing records and PayPal receipts, credentials for an engineering portal at FireEye, WebEx and JIRA portals, as well as Live and Amazon accounts. There are also records related to an alleged customer, Bank Hapoalim, and internal documentation and presentations, including one for the IDF (Israel Defense Forces) from 2016.

Hackers claim credit for alleged hack at Mandiant, publish dox on analyst | CSO Online

Find more posts tagged with

Comments

gespenstern

Downloaded it already. Intend to go over it to see how their internal kitchen works, interesting.

gespenstern

So I looked into this, not sure if it's appropriate to share the details here... so I won't.

Overall it looks like a single compromised computer of a FireEye employee who looks to be an Israeli analyst.

Most of the data compromised are personal accounts of this person. There are actually just several FireEye documents and they are regular forms, a completed order for an Israeli bank and an APT28 profile (which is crap and can be accessed by anyone who has a FireEye cloud subscription).

Either the device compromised was used just barely or it's kind of odd that they got just a few docs out of it. Maybe they didn't publish everything yet and in this case more leaks are to be expected.

A daily reminder: watch for malspam, don't launch anything you don't trust 100%, if launched shut down the system immediately and call specialists, don't ever reuse passwords.

alias454

Ya I didn't go through it but the article mentioned this was just a taste of what was got. Of course we won't know until more is released.

TheFORCE

How are you guys getting this stuff? Are you concerned of any repercussions or do you have some other workaround?