
Mandiant denies LockBit hack claims due to ‘no evidence’ of breach

LockBit ransomware gang has claimed to have hacked security vendor Mandiant, threatening to leak over 350,000 stolen files online.

Reporter
Wed, 08 Jun 2022

Following LockBit's claim, Mandiant responded that it had found "no evidence" of a breach. The security vendor believes the move is in retaliation for an investigation into LockBit's relationship with Russian cyber gang Evil Corp.

LockBit has reportedly published two files to its victim blog on the dark web, which the group claims are from its Mandiant hack. According to the group, it has more data to release, stating on its blog that "all available information will be published".

Last week, Mandiant released a report into LockBit and its relationship to the Russian cyber crime gang Evil Corp. LockBit released a statement in response, calling out the security vendor, asserting that "Mandiant.com are not professional", and took the opportunity to distance itself from the association by stating it "has nothing to do with Evil Corp".


"We are real underground darknet hackers, we have nothing to do with politics or special services like the FSB, FBI and so on," LockBit said in its statement.

In 2019, the US government sanctioned Evil Corp members as part of an international sting operation, which it described at the time as "one of the world's most prolific cyber crime operations".

The new Mandiant report outlines the reason for its belief that Evil Corp members are using LockBit malware "to hinder attribution efforts in order to evade sanctions".

Meanwhile, Mandiant is currently in the process of being acquired by Google for around $5.4 billion. The security vendor is aware of the claims but has "found no evidence" of the apparent LockBit breach.

"Based on the data released, there are no indications that Mandiant data was disclosed, but rather, the actor appears to be trying to disprove Mandiant's blog on UNC2165 and LockBit," Mandiant said.

According to Kaspersky, LockBit is known for requesting financial payment from its victims in exchange for decryption of information. Formerly known as ABCD and active since 2019, the ransomware gang's high-profile victims include Accenture, from which LockBit demanded $50 million in exchange for stolen data in 2021. The Kaspersky report noted that no data was released after the countdown timer set up for payment of the ransom stopped.

"It focuses mostly on enterprises and government organisations rather than individuals," Kaspersky's report stated.

In a Tech Monitor report, Xue Yin Peh, senior cyber threat intelligence analyst at Digital Shadows, explained that this "new alleged attack could be a further attempt to discourage Mandiant from linking LockBit and Evil Corp".

"Its reasons for the attack are likely to be to avoid the ensuing scrutiny and attention that would come with being affiliated with a sanctioned cyber criminal group [Evil Corp]," Peh said.

While a countdown timer on LockBit's blog post appears to indicate there is a deadline for the release of information, it is not known if a ransom demand has been made to Mandiant.
