Network Security
Vulnerability Management
Privileged Access Management
Endpoint Security
Threat Hunting
Unified Endpoint Management
Email & Collaboration Security
Contents:
Threat actors are selling what they pretend to be data stolen from U.S. Marshals Service (USMS) servers in an incident that happened earlier this year. The post appeared on March 15 on a Russian-speaking hacking forum and advertises hundreds of gigabytes of information.
USMS is part of the Justice Department and offers assistance to the federal justice system. It carries out court orders issued by federal judges, ensures witnesses’ protection, seizes valuables, and more.
What Data Is for Sale
The post on the Dark Web is called “350 GB from US Marshal Service (USMS) law enforcement confidential information” and it requires a $150,000 price for the database.
The hackers claim that they have files from file servers and work machines dating from 2021 to February 2023. The database includes copies of identity documents, images of military bases and other high-security locations, and information on civilian wiretapping and surveillance.
Sellers also pretend that they offer top secret documents and witness protection program details.
The files also contain information on convicts, gang leaders, and cartels. The threat actor also claims that some files are marked as SECRET or TOP SECRET.
The threat actor also claims the database includes details about witnesses in the witness protection program.
The USMS Attack
The hackers manage to steal the advertised data in a ransomware attack over the USMS. The authorities announced the cybersecurity incident on February 17 as a “major incident”.
The announcement said that the hackers exfiltrated data including employees’ personally identifiable information. Fortunately, the witness protection program was not affected, according to this statement.
The affected system contains law enforcement sensitive information, including returns from legal processes, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees.
This is not the first time USMS governmental authorities got hacked. USMS suffered another data breach in December 2019 that lead to a data leak containing details of more than 387,000 former and current inmates. The U.S. Federal Bureau of Investigation (FBI) also recently disclosed a cybersecurity incident.
If you liked this article, follow us on LinkedIn, Twitter, Facebook, and YouTube for more cybersecurity news and topics.
