Published on: September 18, 2023
After successfully hacking the FBI, an online hacker going by the name “USDoD” revealed information that may lead to more clues for investigators to find him.
Here’s how it happened.
In December 2022, USDoD breached the FBI’s InfraGard sharing system database and attempted to sell the stolen data on the now-defunct hacker forum, “Breached.” While law enforcement was able to shut down the forum, the hacker stayed anonymous.
For a while he lay low, unable to sell his data, until “BreachForums” became a popular new place to sell data. Nearly one year later, the hacker resurfaced with another shocking pile of stolen data.
USDoD revealed that he had stolen the data of more than 3,200 Airbus vendors, obtaining information like full names, phone numbers, email addresses, and more from various companies.
“This month, I got access to Airbus site using employee access from some Turkish airline, and this got me inside of a lot of stuff, plus their vendors’ data, 3,200 records. It is their entire vendors’ data,” USDoD posted.
However, the hacker made a crucial mistake: USDoD shared that he obtained the Airbus vendor data by exploiting employee access from Turkish Airlines. This led researchers from Hudson Rock to find the exact computer the group logged in from. The infected PC is believed to have been running a malware-ridden version of Microsoft .NET, and it had clear access to third-party login credentials.
“It’s crucial to underscore that Hudson Rock had the data of this employee’s compromised data on the very day of the infection,” explain researchers in their report.
While the hacker hasn’t been caught, the story doesn’t stop there.
The hacker also posted that they joined the “Ransomed” ransomware gang and teased that their next two targets are Lockheed Martin and Raytheon.