SecurityWeek

Identity of Notorious Hacker USDoD Revealed

USDoD, the hacker known for high-profile data leaks, is a man from Brazil, according to CrowdStrike and others.

The notorious hacker USDoD, who is best known for high-profile data leaks, appears to be a man from Brazil, according to investigations conducted by CrowdStrike and others.

Over the past few years, USDoD, aka EquationCorp, has leaked vast amounts of information stolen from major organizations. His targets include the FBI’s InfraGard portal, Airbus, credit reporting firm TransUnion, background checking service National Public Data (NPD), and many others. 

Recently he even leaked information from CrowdStrike, but the cybersecurity firm clarified that the information is available to tens of thousands of customers, partners, and prospects.

While many organizations have confirmed data breaches, some of USDoD’s claims have been found to be exaggerated.

Brazilian publication TecMundo broke the news last week — citing a report distributed privately by CrowdStrike — that USDoD is Luan B.G., a 33-year-old man from Minas Gerais, Brazil. Others refer to him as Luan G., but his full name has also been made public on social media platforms.

After the news broke, OSINT and online security firm Predicta Lab conducted its own investigation and reached the same conclusion. 

Evidence collected by CrowdStrike (as cited by TecMundo) and Predicta Lab shows that the hacker did a poor job of hiding his true identity, with links easily found between the online personas used by the hacker and personal profiles on various social media platforms.

Contacted by SecurityWeek, CrowdStrike said it has nothing further to share. 

The privately distributed CrowdStrike report, according to TecMundo, suggested that the hacker would likely deny being Luan B.G., but the individual controlling the social media and other online accounts tied to the hacker has actually confirmed that the ‘doxing’ is accurate. 

However, the hacker told HackRead that others had correctly identified him even before the InfraGard hack of 2022. 

The hacker said he does not plan on running away and suggested that he may try to reach some sort of deal with Brazilian authorities, offering them his cybersecurity expertise. 

Cybersecurity firm SOCRadar, which has been tracking USDoD’s activities, noted following the hacker’s unmasking, “While the extradition treaty between Brazil and the US could allow Luan to face charges in the US, Brazil’s policy of not extraditing its citizens might prevent this. Even if not extradited, Luan could still face charges in Brazil. His desire to reform may influence a more lenient legal approach focused on rehabilitation.”

According to SOCRadar, USDoD has often relied on social engineering and credentials stolen by malware to gain access to sensitive data belonging to government and private organizations.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.