Threat actor USDoD (who went by the aliases NetSec, ScarFace_TheOne, and Scarfac33) previously known for attacks against U.S. infrastructure and Airbus has claimed Bureau van Dijk as its latest victim. The threat actor also claimed that the alleged attack on Bureau van Dijk would likely be his last and seemed to bid farewell to the BreachForums community.
Bureau van Dijk, a leading business intelligence firm owned by Moody’s Analytics. The firm offers various consumer and private company intelligence-related products with a primary focus on sales, marketing, and customer support.
The firm is known to maintain country-specific databases and the threat actor was likely referring to the US variant of the consumer database. The two shared files combined together form about 11.7 million lines of sensitive data as mentioned in the post description on BreachForums.
USDoD Threat Actor Targets Bureau van Dijk in Farewell Post
In a surprising gesture, USDoD bid farewell to the BreachForums community, federal agencies and ‘friends around the globe’, claiming his post as a way of stating goodbye. The threat actor stated that he did not expect anything further from the community, while expressing gratitude for all the people that he contacted over the years with the forums.
The threat actor reiterated that he was a lone individual working alone in his activities while framing his decision to step away as a move to focus on personal life and family.
The post description mentions the information in the first stolen database as containing around 8.9 GB of data and being delivered in CSV format. The file included fields such as Last Name, First Name, Email Addresses, Priority Telephone Number, and Priority Email Address.
The Cyber Express reached out to Bureau van Dijk to verify the authenticity of the hackers claims. A Moody’s spokesperson assured that “There is no evidence to indicate that a compromise of Moody’s or Bureau van Dijk’s systems or networks has occurred, or that any confidential data is available to an unauthorized third party.” leaving the claims by the hacker on the Bureau van Dijk cyberattack, a sham.
US Consumer Database Included Within Threat Actor’s Post
The second database included within the threat actors post was purportedly a US consumer database stolen from the same agency and seemed to include data such as First Name, Last Name, Business Email, Mobile Phone, Direct Number, Job Title, Personal Address and Company Address.
The second database was also in .csv format and was stated to include about 2.8 million lines of data records. Both databases were freely available for public download through shared links shared in the post.
The attacker previously targeted the defense contractor Thales in a data breach on March 1, 2024 involving 24 GB of data. Prior to the incident the threat actor was responsible for the Airbus data breach on September 12, 2023.
Earlier in August 2021 while operating under the NetSec moniker, the threat actor revealed that they had obtained administrator access to several websites belonging to the U.S. Army. This attack was part of a wider individual campaign under the ‘#RaidAgainstTheUS hashtag’ involving large-scale attacks on the U.S. Department of Defense (DoD), U.S. Army websites, and U.S. Defense manufacturers.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
