US Marshals Service disputes ransomware gang’s breach claims


The U.S. Marshals Service (USMS) denies its systems have been breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group’s leak site on Monday.

“USMS is aware of the allegations and has evaluated the materials posted by people on the dark web, which don’t seem to derive from any new or undisclosed incident,” a spokesperson told BleepingComputer when asked to confirm the cybercrime group’s claims.

While the ransomware group has not yet released any allegedly stolen documents, they’ve already included thumbnail screenshots of some of these files in the USMS entry as proof to support their claims.

Although the federal law enforcement agency didn’t provide more information, BleepingComputer has found that the data published by Hunters International on their dark web data leak site is the same as the data put up for sale in March 2023 on a Russian-speaking hacking forum.

A threat actor named “Tronic” claimed in 2023 that the stolen data contained copies of passports and identification documents, aerial footage and photos of military bases and other high-security areas, details on wiretapping and surveillance of citizens, information on convicts, gang leaders, and cartels, and that some files are marked as SECRET or TOP SECRET.

It’s unclear if the original seller, Tronic, is now associated with Hunters International or if the ransomware gang previously bought the data and is now attempting to resell it.

One month earlier, in February 2023, the USMS confirmed it was investigating the theft of sensitive law enforcement information after “a stand-alone USMS system” was impacted in a ransomware attack.

“The affected system contains law enforcement sensitive information, including returns from legal process, administrative information, and personally identifiable information pertaining to subjects of USMS investigations, third parties, and certain USMS employees,” USMS spokesperson Drew Wade said at the time.

USMS disclosed another data breach in May 2020 after it unintentionally exposed the details of over 387,000 former and current inmates in a December 2019 incident, including personally identifiable information like their names, dates of birth, home addresses, and social security numbers.

USMS entry on Hunters International leak site (BleepingComputer)

Hunters International, the cybercrime gang that listed USMS as a new victim on their leak site this week, is a ransomware operation that surfaced in late 2023 and was flagged as a possible rebrand of Hive due to code similarities.

Notable victims claimed by this ransomware gang over the last year include Japanese optics giant Hoya, U.S. Navy contractor Austal USA, and Integris Health.

The gang also breached the Fred Hutch Cancer Center in December, threatening to leak the stolen data of over 800,000 cancer patients (including their names, Social Security numbers, phone numbers, medical history, lab results, and insurance history) if they weren’t paid.

So far, Hunters International operators have targeted companies of all sizes, with ransom demands seen by BleepingComputer ranging from hundreds of thousands to millions of dollars, depending on the targeted organization’s size.

Since the start of the year, they’ve claimed 157 attacks against various organizations worldwide (including USMS), ranking it as one of the most active ransomware operations.
