
Law enforcement authorities have arrested an individual believed to be behind Operation #LeakTheAnalyst that took place over the summer.

"For the past 90 days, we have worked closely with law enforcement, both domestically and internationally, to assist in the investigation and identification of the anonymous person who is responsible for the attack on one of our employees and who falsely claimed to have breached our corporate networks," said Kevin Mandia, CEO and Director of FireEye.

"As a result of our joint investigation, on Thursday, October 26, an individual was arrested by international law enforcement and taken into custody.

"Over my career, I've found it frustrating how little risk or repercussions exist for the attackers who hide behind the anonymity of the Internet and cause real harm to good, well-intentioned people. These attackers rarely, if ever, get caught. Therefore, I'm pleased that, in this case, we were able to impose repercussions for the attacker and achieve a small victory for the good guys," Mandia said.

News of the arrest came to light today when FireEye published a transcript of a conference call that detailed the company's Q3 2017 financial results.

Operation #LeakTheAnalyst took place over the summer

The hack Mandia is referring to is known online as #LeakTheAnalyst, a multi-stage operation during which hackers promised to leak data from security companies and security researchers.

The person behind the attacks went by the name of 31337 Hackers. They released a first batch of files on July 31, and a second set of files on August 14.

[Image: Email promoting second batch of Mandiant leaks]

While the hackers initially claimed they had breached the servers of Mandiant, FireEye's breach investigation unit, the leaked data didn't corroborate their claims.

Most of the data appeared to be files from the personal computer of a FireEye employee, and not something the hacker might have downloaded from Mandiant or FireEye servers.

FireEye denied the hack from the beginning

A FireEye spokesperson told Bleeping Computer in July that the company "found no evidence FireEye or Mandiant systems were compromised."

After the second leak of Mandiant files, the 31337 Hackers didn't publish any other files.

Mandia did not provide any further details regarding the arrest, such as the hacker's name, age, nationality, or place of arrest.