Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil

Avatar

Federal law enforcement in Brazil arrested a hacker allegedly behind several brazen, high-profile cyberattacks.

In a statement on Wednesday, Brazil’s Department of Federal Police (DFP)said they launched “Operation Data Breach” to investigate several intrusions on their own systems as well as others internationally. 

“A search and seizure warrant and a preventive arrest warrant was served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications and sales of Federal Police data, on May 22, 2020 and on February 22, 2022,” DFP said

“The prisoner boasted of being responsible for several cyber intrusions carried out in some countries, claiming, on websites, to have disclosed sensitive data of 80,000 members of InfraGard, a partnership between the FBI and private critical infrastructure entities in the United States of America.” 

DFP did not name the suspect, but a threat actor known as USDoD has long boasted of being behind the December 2022 breach of the FBI’s InfraGard platform that is used by law enforcement to coordinate with companies. 

The hacker — who has been linked to Brazil by several cybersecurity researchers — also claimed breaches of European aerospace giant Airbus, the U.S. Environmental Protection Agency and several other organizations that often could not be verified

The same threat actor caused widespread alarm in April when they posted a database on the criminal marketplace Breached claiming it came from U.S. background check giant National Public Data. The database included about 899 million unique Social Security numbers, likely of both living and deceased people.

A bankruptcy filing by National Public Data explicitly names USDoD, noting that the hacker “has had a great deal of success breaching other institutions including the FBI, Airbus, and TransUnion.”

DFP confirmed that the person they arrested is “responsible for leaking large databases of personal information, including those of companies such as Airbus and the United States Environmental Protection Agency.” 

“The person under investigation must answer for the crime of hacking into a computer device, qualified by obtaining information, with an increase in the sentence for the commercialization of the data obtained,” they said. 

“The investigation will continue to identify any other cyber intrusions that were committed by the person under investigation.”

A person claiming to be USDoD came forward in August and spoke to a news outlet, admitting to being a 33-year-old man named Luan G. from the state of Minas Gerais in Brazil. 

“I want to say thank you, it is time to admit I got defeated and I will retire my Jersey. Yes, this is Luan speaking. I won’t run, I’m in Brazil, the same city where I was born,” he told HackRead. 

“I am a huge valuable target and maybe I will talk soon to whoever is in charge but everyone will know that behind USDoD I’m a human like everyone else, to be honest, I wanted this to happen, I can’t live with multiple lives and it is time to take responsibility for every action of mine and pay the price doesn’t matter how much it may cost me.” 

The person claimed they had already been identified by cybersecurity experts working for Crowdstrike and other companies like Intel471. Local news outlets reported at the time that Crowdstrike shared its findings with the Brazilian government. 

Other researchers have used social media accounts and more to trace the identity back to Luan.

The arrest is just the latest attempt by Brazilian law enforcement to limit the operations of hackers in their country. In January, Brazilian police disrupted the operation of a criminal group responsible for the banking malware called Grandoreiro that was used to steal €3.6 million ($3.9 million) since 2019. 

In 2022, they carried out eight search and seizure warrants as part of an investigation into attacks claimed by the Lapsus$ Group.

CybercrimeGovernmentNews
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Previous Post

Hackers target Ukraine’s potential conscripts with MeduzaStealer malware

Next Post

Sudanese brothers charged for ‘Anonymous Sudan’ attacks targeting critical infrastructure, government agencies and hospitals

Related Posts

Researchers Uncover Major Security Vulnerabilities in Industrial MMS Protocol Libraries

Details have emerged about multiple security vulnerabilities in two implementations of the Manufacturing Message Specification (MMS) protocol that, if successfully exploited, could have severe impacts in industrial environments. "The vulnerabilities could allow an attacker to crash an industrial device or in some cases, enable remote code execution," Claroty researchers Mashav Sapir and Vera
Avatar
Read More

Russian RomCom Attacks Target Ukrainian Government with New SingleCamper RAT Variant

The Russian threat actor known as RomCom has been linked to a new wave of cyber attacks aimed at Ukrainian government agencies and unknown Polish entities since at least late 2023. The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. "This
Avatar
Read More