Hackers claim they have stolen ultra-secret documents from the US Marshals Service
A group dedicated to hacking claims to have stolen over 380 gigabytes of data from the United States Marshals Service, including confidential and ultra-secret documents, and records on gangs, active cases, and electronic tracking.
The ransomware group Hunters International claimed the theft and posted images of the allegedly stolen records on their data leak site, according to the cybersecurity firm Hackmanac, which provided screenshots of the post to Gizmodo. In total, the group claims to have exfiltrated over 327,000 files from the federal law enforcement agency responsible for pursuing fugitives and running the witness protection program. The hackers have set a deadline for ransom payment on August 30th.
Operation Turnbuckle
A spokesperson for the Marshals Service told Gizmodo that they could not yet confirm the authenticity of the theft, but that the agency was investigating. In addition to screenshots of what they claim to be gang files, and active case files that appear to contain photos and other information about suspects, the hacker group also posted documents that they claim were from “Operation Turnbuckle.” In 2022, media in upstate New York about a Marshals operation of the same name, which led to the arrest of over a dozen drug trafficking suspects.
If confirmed, this would be the second major breach of the Marshals’ computer systems in two years. The agency suffered a significant in February 2023, which affected some of its systems for months. It is not immediately clear if the data that Hunters International claims to have stolen is related to that breach, said Sofia Scozzari, CEO of Hackmanac. Cybersecurity researchers identified Hunters International as a dangerous group in October 2023, about eight months after the ransomware attack on the marshals service.
After Hunters International emerged, cybersecurity researchers speculated that it was just a rebranding of the ransomware group Hive, which in January 2023. But Hunters International claimed that they had only purchased the malware from Hive and improved it. Hackmanac has tracked 181 attacks related to the group, targeting a wide range of victims in the private industry and government.
The group offers ransomware as a service, meaning they sell or rent it to infect someone’s system and encrypt files. The attacker then charges to regain access to the files. “For Hunters, data is money and they seek to maximize profits,” Scozzari stated.
