In a recent cyber incident, a hacker associated with high-profile breaches including those of the FBI and Airbus, has purportedly leaked around 24GB of data allegedly linked to the defense contractor, Thales.
The alleged Thales data breach, which has surfaced on the dark web, suggests that the notorious USDoD hacker is involved in the incident, as indicated in a post shared on a dark web forum.
The saga unfolded with an announcement on the dark web, where USDoD claimed to have leaked approximately 24GB of data purportedly belonging to Thales.
Alleged Thales Data Breach on a Dark Web Forum
In the aftermath of the incident, cybersecurity experts scrambled to assess the extent of the damage and ascertain the veracity of the leaked data. Hudson Rock provided insights into the modus operandi of the hacker, suggesting a connection between the Thales data leak and previous cyberattacks on Airbus.
According to the report, the USDoD hacker may have exploited Infostealer malware to infiltrate Thales, leveraging compromised credentials to exfiltrate sensitive information.
The implications of the Thales data leak are far-reaching, with potential repercussions for national security and international relations. The leaked data, if authentic, could contain classified information related to defense contracts, proprietary technology, and personnel records.
Via a post on the dark web, the USDoD hacker displayed mockery and audacity, as it took to online forums to boast about their exploits, taunting rival cybercriminals and flaunting their prowess as a “one-man army.”
The threat actor post reads, “Hello, this is a new release of thales group leak. I have collected more than 24 GB of software by the end of last year. Yes, It is more bigger than LockBit.”
More Information about USDoD Hacker and Recent Exploits
The Cyber Express, in an attempt to learn more about the Thales data leak, has reached out to the defense organization. However, at the time of writing this, no information or official statement has been released, leaving the claims for this cyberattack stand unconfirmed. Unfortunately, the threat actor claims to have successfully breached the organization and has shared sample data to assert the intrusion.
Meanwhile, USDoD continues to operate with humor, drowned by their successful breaches and apparent mockery of law enforcement. Moreover, in a recent interview with DataBreaches, USDoD provided glimpses into their identity, revealing details about their age, nationality, and alleged connections to high-ranking officials in Spain.
The hacker, in his mid-30s, verified that he is not of Russian origin and emphasized that he operates independently, without any association to a ransomware group. Originally from South America but now residing in Portugal, he mentioned, “English is not my primary language,” according to DataBreaches.
Previously, the hacker leaked sensitive information about around 3,200 Airbus vendors via BreachForums, claiming to have acquired it through stolen passwords from a Turkish airline employee with access to Airbus’ systems.
This followed their prior breach of the FBI’s InfraGard network, where they sold contact details of 80,000 members. Despite FBI interventions, USDoD returned on September 11, 2023, leaking employee data from Airbus, hinting at future actions against top U.S. defense contractors.
Airbus confirmed the breach, attributing it to a RedLine trojan infection on the Turkish employee’s computer, likely acquired through pirated software. The recovered evidence suggested that a link between the breach and RedLine, which is a popular trojan commonly distributed through malicious emails and cracked software, often traded on cybercrime platforms.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
