Cybersecurity firm Mandiant goes viral after China hacking report

By Reuters | Updated: 23 February 2013 12:40 IST
Cyber-security company Mandiant Corp won plaudits from its peers and made front-page news around the world this week when it published a report that purportedly traced a series of cyber-attacks on U.S. companies to a Shanghai-based unit of the Chinese army.

But some hackers have turned the tables on the cyber-expert by creating malicious versions of its 74-page report that were infected with computer viruses. They emailed the tainted reports to their victims this week in a bid to wreak havoc under Mandiant's name.

Though the episode was embarrassing, the company said its systems were not breached. "Mandiant has not been compromised," the company said on its corporate blog.

Mandiant was founded in 2004 by Kevin Mandia, a former U.S. Air Force cyber-forensics investigator who co-authored an influential textbook on the subject. The company made its name by automating processes used to investigate computer breaches.

Mandiant was largely unknown outside the computer security industry until Monday, when it fingered the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind a Chinese hacking group known as APT1.

China's Defense Ministry issued a flat denial of the accusations and called them "unprofessional." But Mandiant won kudos for the unprecedented level of detail in its report, including the location of a building in Shanghai's Pudong financial hub from which Mandiant said the unit had stolen "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006."

Other security companies that have published reports on cyberattacks have shied away from so clearly identifying their perpetrators.

"It was a wonderful report," said Michael Hayden, a former director of the CIA and National Security Agency, who is now with the Chertoff Group. "Everybody is saying 'it's about time.'"

The report did not identify the victims of APT1 or Mandiant's customers, though the company says it has worked for about 40 percent of the Fortune 500.

When asked why he had decided to go public with this report, Mandia, 42, told Reuters, "There is mounting frustration in the private sector. Tolerance is shrinking. We also have a bunch of employees here who are ex-military who sense that frustration and said, 'Let's push this out.'"

The report comes ahead of next week's annual RSA Conference on security in San Francisco, where Mandiant will showcase its products to help companies identify security breaches.

IPO in the cards?
Mandiant says it begins investigations by installing software it has developed that searches for infections by looking for evidence hackers leave behind. It refers to those digital signatures as Indicators of Compromise, or IOCs.

The proprietary database of those indicators makes up a critical part of the "special sauce" that automates the investigation process and, Mandiant says, enables investigators to root out attackers faster than rivals.

The company has thousands of IOCs in its database, which it is constantly expanding.

"We tend not to take the small jobs. We take the big ones - the ones you would love to read about in the paper, but we keep them out of the paper," said Mandiant's chief security officer, Richard Bejtlich.

Some investors have speculated that Mandiant is preparing for an initial public offering in the next year or so. On Friday, it named Mel Wesley to the post of chief financial officer. Wesley was CFO of publicly held OPNET, which was sold to Riverbed Technology in December for about $1 billion.

Mandia, who raised $70 million by selling stock to Silicon Valley venture capital firm Kleiner Perkins Caufield & Byers and One Equity Partners, the private investment arm of JPMorgan Chase & Co, said he is in no rush to go public. "I do not believe we need more capital," he said.

Ted Schlein, a partner with Kleiner Perkins, declined to say if an IPO was in the works, but told Reuters: "They are certainly of the size and they certainly have the operating metrics to be a public company."

Mandia said revenue soared 60 percent last year to about $100 million, and he expects it to climb at about the same clip this year on rising demand for Web-based services that help businesses identify when they have been attacked.

The New York Times and News Corp's Wall Street Journal recently disclosed that they hired Mandiant to investigate cyberattacks. The company has done similar work for Thomson Reuters Corp, parent of Reuters News, according to two sources with knowledge of the matter. A spokesman for Thomson Reuters declined to confirm it.

Premium fees
Mandiant declined to discuss its fees, though analysts say they are among the highest in an industry where rivals include much bigger companies such as Accenture, AT&T Inc, Deloitte, PwC and Verizon Communications Inc, which offer cyber-forensics alongside other services.

Mandiant consultants often bill at rates of $450 or more an hour, said a person familiar with the company. Teams of consultants investigate breaches for weeks and sometimes several months, typically ringing up bills of between $250,000 and $1 million.

John Pescatore, director of emerging security trends for the SANS Institute, says Mandiant can charge a premium partly because it gets strong recommendations from the government and other customers.

There is often a waiting list for its services.

"It's supply and demand. You call Mandiant and Mandiant tells you when they can show up," said the person familiar with the company, who was not authorized to publicly discuss its finances.

Mandiant also competes against CrowdStrike and Cylance, which are run by the founders of a company known as Foundstone, a pioneer in cyber-forensics that had hired Mandia away from the military. He left Foundstone in 2004 to start Mandiant.

© Thomson Reuters 2013

 
