The LockBit ransomware group has disputed allegations that it is connected to the Russia-based Evil Corp cybercrime gang, following a report released last week by the cybersecurity firm Mandiant stating that Evil Corp has now switched to the LockBit RaaS in an effort to dodge US sanctions.
On June 6, LockBit published an announcement on its data leak website, claiming that it would leak 356,841 files allegedly stolen from Mandiant. The page showed a 0-byte file named 'mandiantyellowpress.com.7z' that appears to be related to a mandiantyellowpress[.]com domain, which redirects to the ninjaflex[.]com site.
Mandiant told the tech news site BleepingComputer that it was aware of LockBit’s claims and had not yet found any evidence that the company’s systems were compromised.
“Mandiant is aware of these LockBit-associated claims. At this point, we do not have any evidence to support their claims. We will continue to monitor the situation as it develops,” Mark Karayan, Mandiant's Senior Manager for Marketing Communications, told BleepingComputer.
Later in the day, the group carried out its threat and published the data, but the release appears to contain no files stolen from Mandiant. Instead, it was a statement from the group claiming that it has nothing to do with Evil Corp.
“I was very surprised to read the news on Twitter from the yellow press. mandiant.com are not professional. Any scripts and tools for attacks, are publicly available and can be used by any hacker on the planet, most of the attack methods are on the forums, GitHub and Google, the fact that someone uses similar tools can not be proof that the attack is done by the same person,” reads the message.
“Our group has nothing to do with Evil Corp. We are real underground darknet hackers, we have nothing to do with politics or special services like FSB, FBI and so on.”
Mandiant said that it has reviewed the data disclosed in the initial LockBit release and that it has found no evidence its data was leaked, “but rather the actor appears to be trying to disprove Mandiant's June 2nd, 2022 research blog on UNC2165 and LockBit.”