A hacker is selling stolen data on a Russian-language hacking forum which may be from US Marshals Service servers. Hundreds of gigabytes of data are suspected of being acquired during the USMS security breach.
Contents of the Stolen Data
According to the threat actor, they are in possession of 350 GB worth of stolen law enforcement confidential data from the US Marshal Service. A newly registered account published the post with a price set at $150,000 for the files.
The hacker boasts that the database contains documents from the federal agency's file servers and work computers between 2021 to February 2023, without flooding like exe files and libraries, as mentioned in Bleeping Computer.
The files that they claim to have included drone footage and images of military bases along with their exact coordinates. They also claim to possess copies of passports, identification documents, wiretapping data, and surveillance of citizens.
The same goes for information on convicts, gang leaders, and individuals in the witness protection program. This can become problematic since some of the files are said to be marked "secret" and "top secret," if the hacker is to be believed.
Read Also: Scandinavian Airline Cyberattack Results in Leaked Passenger Data
USMS Security Breach
The reach may be linked to the acquisition of the stolen files that the threat actor is selling in the hacker forum. As reported before, the US Marshal Service suffered a cyber attack in late February. Based on the time bracket of the stolen files, this may very well be possible.
USMS spokesperson Drew J. Wade confirmed that the ransomware attack took place on February 17th and that it was a major incident. The that was stolen included returns from legal processes, administrative information, and data regarding USMS investigations.
Although the hacker selling the data claims that they have details of people under the witness protection program, the US Marshal Service notes that the threat actor did not manage to access it, according to The New York Times.
This has become a problem for the government and federal agencies since it appears that ransomware attacks or cyber attacks, in general, have been increasing over the years, risking the people whose information is held within the mentioned organizations' systems.
Wade mentioned that the Marshal Service had disconnected the standalone system upon discovery of the security breach. However, the claims of the threat actor selling the data on the hacking forum may suggest that the measure may have fallen short.
Some of the attacks happened in the final year of Trump's presidency, which resulted in the access of over 250 federal agencies and businesses, reports say. That includes the Treasury, State, Commerce, and Energy Departments, and parts of the Pentagon.
Just two weeks ago, the Federal Bureau of Investigation was also reported to have suffered a cyber attack. It affected one of its highest-profile field offices and the incident has already been isolated, according to the FBI.
It was still unknown who was behind the attack, but as mentioned in CNN, the officials in the affected office were working on isolating malicious cyber activities, specifically those that involved images of child exploitation.
Related: LA Housing Authority Discloses Data Breach Resulting From LockBit Ransomware Attack
