The LockBit threat gang recently announced that their group had stolen critical data from one of the biggest security incident response firms, Mandiant. Several reports have uncovered seeing Mandiant’s data on the gang’s leak site being listed as one of their victims, with an attached notice about their data being published soon.
However, the security firm has strongly denied being compromised by the Lockbit gang and said there is no evidence to support those claims. Mandiant also assures their clients and partners that they are closely monitoring the situation.
Researchers are pondering how LockBit’s claims against Mandiant came after the RSA Conference, one of the largest cybersecurity assemblies, opened in San Francisco, USA.
Another factor that security researchers speculate about is how the LockBit claims had come only a few days after Mandiant was revealed to have evidence against the UNC2165 threat group refraining from using the Hades ransomware strain to support LockBit. Based on earlier reports, the US had previously sanctioned a UNC2165 affiliate group dubbed ‘Evil Corp,’ thus discarding the Hades strain might be an effort to disassociate LockBit from the penalised group.
From the most recent updates about the incident, Mandiant reports reviewing the data that the Lockbit gang had unveiled from an initial release and stressed that there are still no indications of compromise from the malicious claims.
Furthermore, the security firm stated that the threat group might only be attempting to disprove their statement from a blog they released about their association with UNC2165 and Evil Corp. Separate researchers also added that the LockBit gang had already declared some false statements in the past, with this recent claim on Mandiant being one of them.
Many security researchers also agree that the recent claim was a move for LockBit to detach themselves from Evil Corp and evade sanctions from the US. The threat group has a history of announcing false claims against organisations and posting names on their leak site that eventually proved bogus. There are also instances when the group steals data from third-party vendors and claims it to be stolen data from their alleged targeted victims.
The conclusion to the LockBit’s claims against Mandiant is yet to be resolved, but many security firms are confident that whichever way it goes, the LockBit gang would face serious implications.
