Hackers pull a media stunt to distance from Russia-linked Evil Corp

The LockBit ransomware gang likely imitated an attack on cybersecurity firm Mandiant to push the point that they're not affiliated with a Russia-based hacker group.

Infosec pundits flooded Twitter with claims that the LockBit ransomware gang had attacked the prominent cybersecurity firm Mandiant, which is soon to be acquired by Google.

Earlier on Monday, hackers posted a note on their dark web leak site, saying they've stolen Mandiant's data and will release the files to the public by the end of the day. However, the story appears to be a media stunt by the people behind LockBit ransomware.

By the end of the day, LockBit released supposedly stolen files only to reveal a statement distancing the group from Evil Corp, a Russia-based ransomware group sanctioned by the US.

The hackers did not target Mandiant by accident. Last week, researchers published a report saying that Evil Corp had started using LockBit ransomware tools to avoid US sanctions. According to Mandiant, Evil Corp is deploying ransomware as a LockBit affiliate.

"Our group has nothing to do with Evil Corp. We are real underground darknet hackers, we have nothing to do with politics or special services like FSB, FBI and so on," reads LockBit's statement released in a supposed leak.

Mandiant says its review shows no evidence to support claims that the company has been breached. After reviewing LockBit's release, the company said the hackers might have had other motives in mind.

"Based on the data that has been released, there are no indications that Mandiant data has been disclosed but rather the actor appears to be trying to disprove Mandiant's 2nd June 2022 research blog on UNC2165 and LockBit," the company told Cybernews.

With Mandiant denying it was hacked, the whole ordeal seems to be a performance for the media. For example, LockBit's leak site showed one file titled 'mandiantyellowpress.com.7z.' The group's statement begins with a poke at Mandiant being the 'yellow press' for linking LockBit and Evil Corp.

Evil Corp has been on the US Department of the Treasury's sanctions list since 2019 for using Dridex malware to steal $100 million in 40 countries worldwide. Additionally, the US Department of State offers a $5 million bounty for information on Evil Corp member Maksim Yakubets.
