The notorious ransomware gang Mandiant claimed that they have stole 356,841 files from the American cybersecurity firm Mandiant. The gang threatened the company with a countdown. After the countdown ends, stating “All available data will be published!” However, that gang didn’t publish any files yet.
No evidence
On the other hand, Mandiant responded to the claims and announced that they haven’t found any evidence of a breach. Mark Karayan, Senior Manager for Marketing Communications of Mandiant said;
« Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops. »
Mandiant says it's looking into Lockbit ransomware gang's claims:
“Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops.” pic.twitter.com/JLM5ob1yCi
— Sergiu Gatlan (@serghei) June 6, 2022
However, further investigations have revealed that the data published by the LockBit group wasn’t files from the Mandiant. The page includes a 0-byte file, mandiantyellowpress.com.7z. The domain mandiantyellowpress.com, which is registered today, redirects to ninjaflex.com. Mandiant’s Karayan has delivered the following statement after the investigation of the published files:
« Mandiant has reviewed the data disclosed in the initial LockBit release. Based on the data that has been released, there are no indications that Mandiant data has been disclosed but rather the actor appears to be trying to disprove Mandiant’s June 2nd, 2022 research blog on UNC2165 and LockBit. »