SecurityWeek

Identity of Notorious Hacker USDoD Revealed

USDoD, the hacker known for high-profile data leaks, is a man from Brazil, according to CrowdStrike and others.

The notorious hacker USDoD, who is best known for high-profile data leaks, appears to be a man from Brazil, according to investigations conducted by CrowdStrike and others.

Over the past few years, USDoD, aka EquationCorp, has leaked vast amounts of information stolen from major organizations. His targets include the FBI’s InfraGard portal, Airbus, credit reporting firm TransUnion, background checking service National Public Data (NPD), and many others. 

Recently he even leaked information from CrowdStrike, but the cybersecurity firm clarified that the information is available to tens of thousands of customers, partners, and prospects.

While many organizations have confirmed data breaches, some of USDoD’s claims have been found to be exaggerated.

Brazilian publication TecMundo broke the news last week, citing a report distributed privately by CrowdStrike, that USDoD is Luan B.G., a 33-year-old man from Minas Gerais, Brazil. Others refer to him as Luan G., but his full name has also been made public on social media platforms.

After the news broke, OSINT and online security firm Predicta Lab conducted its own investigation and reached the same conclusion. 

Evidence collected by CrowdStrike (as cited by TecMundo) and Predicta Lab shows that the hacker did a poor job of hiding his true identity, with links easily found between his online personas and personal profiles on various social media platforms.

Contacted by SecurityWeek, CrowdStrike said it has nothing further to share. 

The privately distributed CrowdStrike report, according to TecMundo, suggested that the hacker would likely deny being Luan B.G., but the individual controlling the social media and other online accounts tied to the hacker has actually confirmed that the ‘doxing’ is accurate. 

However, the hacker told HackRead that others had correctly identified him even before the InfraGard hack of 2022. 

The hacker said he does not plan on running away and suggested that he may try to reach some sort of deal with Brazilian authorities, offering them his cybersecurity expertise. 

Cybersecurity firm SOCRadar, which has been tracking USDoD’s activities, noted following the hacker’s unmasking, “While the extradition treaty between Brazil and the US could allow Luan to face charges in the US, Brazil’s policy of not extraditing its citizens might prevent this. Even if not extradited, Luan could still face charges in Brazil. His desire to reform may influence a more lenient legal approach focused on rehabilitation.”

According to SOCRadar, USDoD has often relied on social engineering and credentials stolen by malware to gain access to sensitive data belonging to government and private organizations.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
