The United States Marshals Service (USMS) has firmly denied recent data breach claims made by the cybercriminal group Hunters International. This statement comes in response to the group’s announcement earlier this week about allegedly leaking sensitive information from the federal law enforcement agency.
USMS Response and Investigation
In an official statement to Bleeping Computer, the USMS acknowledged awareness of the claims and confirmed that they had thoroughly examined the materials posted on the dark web by unknown individuals. The agency concluded that “the information does not appear to be the result of any new or unreported incident.”
While Hunters International has yet to release any purportedly stolen USMS documents, it has posted preview screenshots of certain files as supposed evidence of its breach. This tactic is commonly employed by cybercriminal groups to lend credibility to their claims and pressure victims into paying ransoms.
Connection to Previous Data Leak
Cybersecurity experts have noted striking similarities between the data published by Hunters International and information that was offered for sale on a Russian-language hacking forum in March 2023. This earlier leak was attributed to a user known as “Tronic,” who claimed the stolen files contained:
- Copies of passports and other identification documents
- Aerial photography data
- Photos of military bases and other high-security zones
- Information on surveillance and citizen monitoring
- Data on convicted individuals, gang leaders, and cartel members
- Files marked as “classified” and “top secret”
February 2023 Ransomware Attack
It’s crucial to note that in February 2023, the USMS was indeed the target of a successful ransomware attack. During this incident, hackers managed to exfiltrate data from a system containing “sensitive law enforcement information, including court records, administrative information, and personal information related to subjects of USMS investigations, third parties, and certain USMS employees.”
Possible Scenarios
The current situation raises several possibilities:
- Hunters International may have acquired the previously leaked data and is attempting to resell it.
- The group could be connected to the original “Tronic” leak from March 2023.
- This might be an attempt to capitalize on the known February 2023 breach without possessing new data.
As cybersecurity threats continue to evolve, this incident underscores the importance of robust data protection measures for government agencies and the need for swift, transparent responses to potential breaches. While the USMS maintains that no new data has been compromised, the situation serves as a reminder of the persistent threats faced by high-profile targets in the digital age. Organizations must remain vigilant, regularly updating their security protocols and incident response plans to stay ahead of increasingly sophisticated cyber adversaries.