US Marshals Service allegedly hacked by ransomware gang

The ransomware group Hunters International claims to have attacked the US Marshals Service and has published screenshots of allegedly captured files.

By Kathrin Stoll
This article was originally published in German and has been automatically translated.

A cybercriminal group claims to have stolen more than 380 gigabytes of data from the US Marshals Service (USMS). The attackers have set a deadline of August 30 for their ransom demand. The US Marshals Service is a law enforcement agency subordinate to the US Department of Justice.

The ransomware group Hunters International claims to have captured top-secret documents and records on current cases, gang crime and electronic surveillance in the attack. This is according to a post by cybersecurity firm Hackmanac on X (formerly Twitter) on August 26. According to the post, the ransomware gang has published screenshots of allegedly stolen data on its data leak website on the darknet. The gang claims to have stolen almost 15 gigabytes of data on current cases, confidential device information and electronic surveillance operations.

In addition, the gang's darknet presence listed files related to a joint USMS and Albanian law enforcement investigation called Operation Turnbuckle in April 2022. In a so-called sting operation, weapons and prohibited substances were seized, and 18 drug dealers were arrested.

A spokesperson for the authority told the US blog Gizmodo that the authenticity of the data leak could not yet be confirmed, but that the claims made by the ransomware gang were being investigated.

If confirmed, this would be the second major breach of the agency's systems in less than two years: in February 2023, the US Marshals Service was the victim of a ransomware attack that paralyzed part of its IT for several months. It is unclear whether there is a connection between the two attacks.

Hunters International was first identified as a ransomware gang by IT security researchers in October 2023. Following its emergence, there was speculation that the group could be a new formation of the Hive ransomware gang, which was broken up in January 2023. However, according to Gizmodo, Hunters International itself claims to have merely adopted and improved the malware from Hive.

According to a report by the Australian IT news portal Cyberdaily, the ransomware group's website is now apparently down. Whether the US authorities are behind this or it is simply bad timing is currently unclear.

(kst)