Lockbit Strikes Mandiant – But No Evidence

LockBit ransomware gang claims to have hacked Mandiant, stealing more than 350,000 files and threatening to leak them online.

Mandiant says it has found no evidence of a breach, and believes LockBit may be striking back after Mandiant released an investigation into its relationship to Russian cyber gang Evil Corp.

The claims emerged as LockBit published handful of files to its victim blog on the dark web which it claims acquired from an attack on Mandiant. The group says it has more data to release: “all available information will be published!”.

It is not known if a ransom demand has been made to Mandiant, but a countdown timer on the post appears to indicate that the deadline for the release of information is approaching.

Based on the data released, there are no indications that Mandiant data was disclosed but rather the actor appears to be trying to disprove Mandiant’s blog on UNC2165 and LockBit.- Mandiant statement

Mandiant released a report into LockBit and its relationship to the Russian cybercrime gang Evil Corp last week. The US government sanctioned Evil Corp members in 2019 as part of an international sting operation, describing it as one of the world’s most prolific cybercrime operations.

The new Mandiant report explains that it believes Evil Corp members are now using LockBit malware to hinder attribution efforts in order to evade sanctions.