The U.S. Marshals Service (USMS) has firmly denied allegations that its systems were breached by the Hunters International ransomware gang, despite the group’s recent claim on a dark web leak site.
On Monday, the cybercrime group listed USMS as a new victim, suggesting they had obtained sensitive information from the federal law enforcement agency.
In response to these claims, a USMS spokesperson stated, “USMS is aware of the allegations and has evaluated the materials posted by individuals on the dark web, which do not appear to derive from any new or undisclosed incident.” This indicates that the agency believes the materials in question are not related to a new breach.
While Hunters International has not yet released any documents they claim to have stolen, they did include thumbnail screenshots of some files in their leak site entry to support their claims. However, further investigation by BleepingComputer revealed that the data displayed by the ransomware group seems to be the same as the information offered for sale in March 2023 on a Russian-speaking hacking forum.
The data, purportedly stolen, includes copies of passports and identification documents, aerial footage and photos of military bases, details on wiretapping and surveillance activities, and files marked as SECRET or TOP SECRET.
The original seller of this data, a threat actor known as “Tronic,” claimed in 2023 that they had possession of these files. It remains unclear whether “Tronic” is currently associated with Hunters International or if the group purchased the data to resell it.
