USDoD hacker behind National Public Data breach arrested in Brazil
A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in "Operation Data Breach".
USDoD, aka EquationCorp, has a long history of high-profile data breaches where he stole data and commonly leaked it on hacking forums while taunting the victims.
These breaches include those on the FBI's InfraGard, a threat information sharing portal, and National Public Data, where the personal data and social security numbers of hundreds of millions of US citizens were leaked online.

However, it wasn't until the threat actor targeted cybersecurity firm CrowdStrike and leaked the company's internal threat actor list that things took a turn for the worse for him.
Soon after he leaked the IOC list, Brazilian publisher Techmundo received an anonymous report created by CrowdStrike that allegedly identified, or doxed, the threat actor, revealing he was a 33-year-old Brazilian named Luan BG.
Strangely, USDoD confirmed that CrowdStrike's information was accurate in an interview with HackRead and said he was currently living in Brazil.
"So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me even before the Infragard hack," USDoD told HackRead.
Likely aided by this information, Brazil's Polícia Federal (PF) announced his arrest today in Belo Horizonte/MG.
"The Federal Police launched Operation Data Breach on Wednesday (16/10), with the aim of investigating invasions of the systems of the Federal Police and other international institutions," reads the PF's press release.
"A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022."
"The prisoner boasted of being responsible for several cyber invasions carried out in some countries, claiming, on websites, to have disclosed sensitive data of 80,000 members of InfraGard, a partnership between the Federal Bureau of Investigation - FBI and private critical infrastructure entities in the United States of America."
Ironically, the arrest was conducted under a law enforcement action named "Operation Data Breach," which the police say was named after the cyberattacks the threat actor was known for.