A note purported to be from the hacker spread on social media while a FireEye analyst’s LinkedIn appeared to have also been hacked, with the perpetrator posting numerous expletive-laden messages.
The employee’s bio was changed to state: “I’ve been hacked, all my data, all your chats, all my contacts, your numbers, your emails along with my credentials have been leaked. My devices are also nuked [sic].”
At the same time Twitters users began sharing a link to a document that appeared to show details of the attack – claiming the hacker first gained access to Mandiant in 2016.
The document contained a link and password to a file which it claimed contains details of the information obtained from the hack – as well as a link to the hacked employee’s LinkedIn page. The LinkedIn profile has since been taken down.
The document contained the hashtag ‘#Leaktheanalyst’ which has since been used by numerous Twitter users speculating on the incident.
The report goes on to list “potential” targets, including the Israeli Prime Minister’s office, LinkedIn contacts and third-party contractors.
“Mandiant Internal networks and its clients data has been compromised (might be leaked separately),” it added.
However there is no sign that FireEye or Mandiant systems have been compromised and it appears it was just a social media hack.
The hacker ranted that their actions were not financially driven.
“For a long time, we – the 31337 hackers – tried to avoid these fancy a** “analysts” whom trying to trace our attack footprints back to us and prove they are better than us. In the #LeakTheAnalyst operation we say f**k the consequence let’s track them on Facebook, LinkedIn, Tweeter , etc.
“Let’s go after everything they’ve got, let’s go after their countries, let’s trash their reputation in the field. If during your stealth operation you pwned an analyst, target him and leak his personal and professional data, as a side job of course ;).”