LockBit Claims Ransomware Attack on Mandiant
At RSA, Mandiant unveiled a new intelligence-led solution as well as the general availability of a new module within its multi-vendor XDR platform, Mandiant Advantage. Both are designed to enable visibility into vulnerabilities, allowing organizations to take a proactive approach to cybersecurity.
However, the announcement was somewhat overshadowed by news that ransomware group LockBit 2.0 claimed it successfully attacked Mandiant. According to CyberScoop, LockBit posted a notice to its dark web portal Monday claiming it would release Mandiant files late Monday. There is no ransom demand posted to the page.
Mandiant, which is being acquired by Google Cloud, is skeptical that this is an actual attack:
“Mandiant has reviewed the data disclosed in the initial LockBit release. Based on the data that has been released, there are no indications that Mandiant data has been disclosed, but rather the actor appears to be trying to disprove Mandiant’s June 2, 2022, research blog on UNC2165 and LockBit.”
Chris Olson is CEO of The Media Trust, a digital safety provider.
“This is a developing story which we should take with a grain of salt,” he said. “In the past, LockBit has posted names on its website only to drop them without explanation – it has also stolen data from organizations through a third-party vendor while falsely claiming to have breached its victims directly. Until more information emerges, the Mandiant story may go in either of those directions.”
