Hackers Claim to Have Stolen Top Secret Documents From the U.S. Marshals Service

A hacking group claims to have stolen more than 380 gigabytes of data from the U.S. Marshals Service, including confidential and top-secret documents and records about gangs, active cases, and electronic surveillance.

The ransomware group Hunters International took credit for the breach and posted pictures of the allegedly stolen records on its data leak site, according to the cybersecurity firm Hackmanac, which provided screenshots of the post to Gizmodo. In total, the group claims to have exfiltrated more than 327,000 files from the federal law enforcement agency responsible for tracking down fugitives and running the witness protection program. The hackers set an August 30 deadline for a ransom to be paid.

A spokesperson for the U.S. Marshals Service told Gizmodo he could not yet confirm the breach’s authenticity but that the agency was looking into the claims. In addition to screenshots of what it says are gang files and active case files, which appear to contain headshots and other information about suspects, the hacking group also posted documents it claimed were from “Operation Turnbuckle.” In 2022, upstate New York media outlets reported on a marshals operation by the same name that led to the arrest of more than a dozen drug trafficking suspects.

If confirmed, this would be the second major breach of the Marshals’ computer systems in as many years. The agency suffered a debilitating ransomware attack in February of 2023 that crippled some of its systems for months. It’s not immediately clear whether the data Hunters International claims to have stolen is connected to that breach, said Sofia Scozzari, the CEO of Hackmanac. Cybersecurity researchers first identified Hunters International as a threat group in October 2023, about eight months after the U.S. Marshals Service ransomware attack.

After Hunters International emerged on the scene, cybersecurity researchers speculated that it was a rebranding of the Hive ransomware group, which the FBI infiltrated and disrupted in a six-month investigation culminating in January 2023. Hunters International, however, claimed that it had simply purchased Hive’s malware and improved upon it. Hackmanac has tracked 181 attacks connected to the group targeting a wide range of victims across private industry and government.

The group offers ransomware-as-a-service, meaning it sells and rents out its malware that infects a target’s system and encrypts the files. The attacker then charges a fee to return access to the files. About 75 percent of the Hunters International attacks Hackmanac has documented involve ransomware, Scozzari said, but in its posts about the U.S. Marshals Service’s data the group did not claim to have encrypted the files in addition to stealing them, as it has done previously.

“It is clear that for Hunters, data is money and the group’s main focus is maximizing profits” rather than any political motivation, Scozzari said. “In this regard, the more sensitive the stolen data, the greater the chances of receiving a large payment.”
