The hacker claims that, among other sensitive data, the stolen information includes data about convicts, drug cartels, witnesses, and individuals enrolled in the agency’s witness protection program.
In late February 2023, the US Marshals Service (USMS) suffered a ransomware attack, leading to all sorts of speculation. Now, however, a hacker is selling data that they claim belongs to the USMS for $150,000.
For readers outside the United States, the U.S. Marshals Service (USMS) is a high-profile government agency associated with the U.S. Department of Justice, which offers protection to government witnesses and their families.
The Stolen US Marshals Service Data
The stolen data, which is being offered for sale by an unknown threat actor on a Russian cybercrime and hacker forum operating on both the Dark Web and the clearnet, allegedly includes military base photos, wiretap data belonging to USMS, drone footage of military bases, and documents on cartels, gang leaders, IDs, and passports.
The data also includes information about convicts, drug cartels, witnesses, and individuals enrolled in the agency’s witness protection program. Additionally, the dataset includes files marked as Top Secret and Confidential, as well as backdoor software for Apple devices.
Are These Claims Authentic?
Although no ransomware group has claimed responsibility for the attack yet, the hacker who posted the advert claimed that the dataset was stolen from the USMS between 2021 and February 2023. However, the post was uploaded from a one-day-old account, and the author did not provide any data samples as evidence.
It is worth noting that the threat actor suggests using a middleman to ensure a successful sale, in this case, the forum’s administrator. The hacker’s willingness to use a third party and their confidence in the quality of the stolen information indicate that the threat should be taken seriously.
The USMS had previously announced in February 2023 that it had fallen victim to a major ransomware attack, which compromised sensitive data on known fugitives, USMS employees, and legal proceedings.
At the time, the agency stated that data related to individuals enrolled in the witness protection program had not been accessed.