{"id":6796,"date":"2022-06-07T21:43:57","date_gmt":"2022-06-07T12:43:57","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=6796"},"modified":"2022-06-30T21:48:33","modified_gmt":"2022-06-30T12:48:33","slug":"mandiant-confirms-no-evidence-of-an-attack-from-the-lockbit-ransomware-group","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/mandiant-confirms-no-evidence-of-an-attack-from-the-lockbit-ransomware-group\/","title":{"rendered":"Mandiant confirms no evidence of an attack from the LockBit ransomware group"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"6796\" class=\"elementor elementor-6796\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-0ddfda0 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"0ddfda0\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-10b8ed9\" data-id=\"10b8ed9\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-2b5ff66 elementor-widget elementor-widget-text-editor\" data-id=\"2b5ff66\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p class=\"MsoNormal\" style=\"margin-bottom: 0cm; line-height: normal;\"><span lang=\"EN-GB\">On Monday 6th of June, the LockBit ransomware gang published a new page on their data leak website that named Mandiant, a major American cybersecurity firm as the victim where they claimed to have stolen 356,841 files from Mandiant. On further investigation of the new page, there is a 0-byte file named &#8216;mandiantyellowpress.com.7z&#8217; displayed on the page which appears to be related to a mandiantyellowpress[.]com domain but when an individual visits this page, they are redirected to the ninjaflex[.]com site.<\/span><span lang=\"EN-GB\">\u00a0<\/span><\/p><p class=\"MsoNormal\" style=\"margin-bottom: 0cm; line-height: normal;\"><span lang=\"EN-GB\">When asked to comment on the claim by LockBit, Mandiant said it hadn&#8217;t yet found evidence of a breach and they are continuing to investigate and monitor the situation as it develops. Although when the allegedly stolen files were published, the files didn\u2019t seem to be related to Mandiant&#8217;s network, it seemed to be an attempt by LockBit to distance itself from the Evil Corp cybercrime gang. This could be related to the recent Mandiant report which revealed the Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets&#8217; networks to evade U.S. sanctions. Therefore, LockBit could be worried about the lost revenue of their operations as their victims will stop paying ransoms due to Evil Corp being sanctioned by the U.S. government.<\/span><\/p><p class=\"MsoNormal\" style=\"margin-bottom: 0cm; line-height: normal;\"><span lang=\"EN-GB\">Since the publication of the files from the LockBit page, Mandiant has confirmed that there are no indications that Mandiant data has been disclosed. And they stated that this could be an attempt by LockBit to disprove the recent research blog on UNC2165 and LockBit.<\/span><\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Monday 6th of June, the LockBit ransomware gang published a new page on their data leak website that named Mandiant, a major American cybersecurity firm as the victim where they claimed to have stolen 356,841 files from Mandiant. On further investigation of the new page, there is a 0-byte file named &#8216;mandiantyellowpress.com.7z&#8217; displayed on the page which appears to<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":6801,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[225,6,10,12,9,2,1],"tags":[],"class_list":["post-6796","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-heavy-industry","category-latest_news","category-latest_vulnerabilities","category-read_article","category-ransomware_criminals","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/06\/Picture1-5.jpg?fit=1377%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6796"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=6796"}],"version-history":[{"count":6,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6796\/revisions"}],"predecessor-version":[{"id":6804,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/6796\/revisions\/6804"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/6801"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=6796"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=6796"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=6796"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}