The threat actors who two weeks ago targeted FireEye subsidiary Mandiant, leaking data stolen from an analyst working for the firm, are now claiming to have leaked FireEye documents for a second time, according to The Hill.
The latest data dump was posted to pastebin and appears to contain much more than a financial calendar and miscellaneous files, according to a screenshot of the leak tweeted by independent Security Researcher x0rz.
On July 31, a group calling itself “31337” dumped Mandiant information including details on Mandiant’s network topology, licenses, and business contracts, as well as the victimized researcher’s emails and account credentials.
In response to the initial leak, FireEye claimed the hackers found passwords to those accounts among the millions of credentials stolen and dumped online when social media and email companies were themselves hacked and that all but three internal documents released by the group were either available publicly or fabricated.
It is unclear what information was released in the second batch but FireEye acknowledged there was a second incident. “We are aware of this latest document release and are investigating the incident,” a FireEye spokesperson told SC Media. “We plan to share an update as soon as we can.”