The municipality of Palermo suffers major disruptions due to a ransomware attack
June 6, 2022
Conti ransomware finally closes the book on their operations
June 24, 2022

Mandiant confirms no evidence of an attack from the LockBit ransomware group

On Monday 6th of June, the LockBit ransomware gang published a new page on their data leak website that named Mandiant, a major American cybersecurity firm as the victim where they claimed to have stolen 356,841 files from Mandiant. On further investigation of the new page, there is a 0-byte file named ‘mandiantyellowpress.com.7z’ displayed on the page which appears to be related to a mandiantyellowpress[.]com domain but when an individual visits this page, they are redirected to the ninjaflex[.]com site. 

When asked to comment on the claim by LockBit, Mandiant said it hadn’t yet found evidence of a breach and they are continuing to investigate and monitor the situation as it develops. Although when the allegedly stolen files were published, the files didn’t seem to be related to Mandiant’s network, it seemed to be an attempt by LockBit to distance itself from the Evil Corp cybercrime gang. This could be related to the recent Mandiant report which revealed the Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets’ networks to evade U.S. sanctions. Therefore, LockBit could be worried about the lost revenue of their operations as their victims will stop paying ransoms due to Evil Corp being sanctioned by the U.S. government.

Since the publication of the files from the LockBit page, Mandiant has confirmed that there are no indications that Mandiant data has been disclosed. And they stated that this could be an attempt by LockBit to disprove the recent research blog on UNC2165 and LockBit.

Leave a Reply

Your email address will not be published. Required fields are marked *