Upon filtering out the duplicate records, the total accounts breached amounted to nearly 8.5 million (specifically 8,460,182).

USDoD is a repeat federal offender

This isn’t the first time USDoD has sneaked into a federal system. Previously known as “NetSec” on RaidForums, USDoD has gained notoriety since the threat actor’s “#RaidAgainstTheUS” campaign targeting the US Army and Defense contractors.

In December 2022, USDoD posted hacked data from InfraGard, a partnership between the FBI and private sector firms, which consisted of personal details about 87000 members of InfraGrad. A subsequent breach included a data leak of 3200 Airbus vendors that USDoD managed to capture using the compromised credentials of a Turkish Airline employee.

“USDoD’s hacking approach heavily relies on social engineering, particularly impersonation. [The hacker] often gains access to high-profile entities by impersonating key individuals,” according to USDoD’s official X account bio.

USDoD was revealed by SOCRadar to be a man in his mid-30s with roots in South America. Earlier reports from February 2022, according to SOCRadar, had painted him as a pro-Russian threat actor which he refuted later on saying his association with Russia was strictly business and non-political.

USDoD maintains a dedicated Telegram channel, SparrowCorp, to update his followers about his recent hacks and share links for sales of the leaked data. On April 7, he made two posts regarding the EPA breach. “I got access to a US federal jurisdiction data that will make InfraGard look like an amateur job,” the hacker posted about 12 hours before adding, “Good evening, Community. Epa gov database have been shared with a total of 15M rows.”