At the end of July, anonymous hackers published documents stolen from an employee of cybersecurity firm FireEye, and claimed that more data would follow. On Monday, the hackers seemingly followed up, and released a second cache of alleged documents, passwords, and other files, although many of them do not directly reference FireEye.
The hackers also published a post on Pastebin which mocked FireEye. Apart from clearly being focused on the company, which provides defensive security products and produces research into hacking campaigns, the exact motivations of the hackers remains unclear. FireEye told Motherboard on Monday it is investigating the release.
"Guess what, we're going to punish the lairs [sic], the fat riches who care only about their stock shares," the hackers wrote in a Pastebin post on Monday.
The dump is relatively small, containing just over two dozen files and totalling in at around 3MB. One document appears to be a forensics report from Illusive Networks, an Israeli security firm. Another relates to the Israeli Bank Hapoalim, and at least one file appears to have been modified by the hackers, with the text "COOL! #LeakTheAnalyst," the hashtag the hackers have claimed for the campaign, plastered on top. Neither representatives of Bank Hapoalim, a bank employee mentioned in one of the documents, or Illusive Networks immediately responded to a request for comment.
Google searches for sections of the forensics report, which is marked "confidential," returned no relevant results, implying the document is not publicly available.
In an earlier blog post published after the first release, FireEye said it believed that data was stolen from a single employee's LinkedIn, Hotmail, and other online accounts, and said the firm had no evidence that internal company systems or machines had been compromised. That employee was Adi Peretz, a senior threat intelligence analyst at Mandiant, which FireEye owns.
It is not immediately clear whether this latest cache of documents was obtained in the same way, although the hackers claim FireEye lied in its earlier response.
"Well we were waiting FireEye for a public comment and FireEye lied again, and they lied in cost of their customers. They did a mistake," the hackers wrote in the Pastebin post.
"Oh yeah, It was funny seeing their frustration during these days. Trying to track us while keeping their shares value not to drop under $14," they continue. In their post the hackers also pointed to a series of specific security researchers and journalists who had commented on the earlier dump, praising some and mocking others.
"We are aware of this latest document release and are investigating the incident. We plan to share an update as soon as possible," a FireEye spokesperson told Motherboard in an email.