{
	"id": "18aec93e-be1e-4271-9f42-41b3827d3a29",
	"created_at": "2026-04-06T00:18:19.053362Z",
	"updated_at": "2026-04-10T03:29:18.375646Z",
	"deleted_at": null,
	"sha1_hash": "a3e4d0fe63b62d188482f17573f2bc08109a7f26",
	"title": "Acuity Federal Contractor Breach, Okta Customers Leak, DCRat Exploit and Access Sales",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 43274,
	"plain_text": "Acuity Federal Contractor Breach, Okta Customers Leak, DCRat\r\nExploit and Access Sales\r\nPublished: 2024-03-11 · Archived: 2026-04-05 12:50:27 UTC\r\nIn the Dark Web, a world of illicit activities and cyber threats, the SOCRadar Dark Web Team has uncovered a\r\nseries of alarming findings. From a breach of a federal contractor exposing sensitive data to the sale of\r\nunauthorized access and leaked databases, the implications of these discoveries are far-reaching.\r\nJoin us as we delve into the dark underbelly of the internet, exploring the potential impact on national security,\r\npersonal privacy, and the need for robust cybersecurity measures.\r\nAlleged Breach of Federal Contractor Acuity Exposes ICE and USCIS Data\r\nIn a recent cybersecurity incident, SOCRadar Dark Web Team detected a post on a hacker forum where a member\r\nof the group known as CyberNiggers claimed to have breached Acuity, a United States federal contractor, and is\r\nnow purportedly selling data associated with the U.S. Immigration and Customs Enforcement (ICE) and the\r\nUnited States Citizenship and Immigration Services (USCIS). This breach allegedly compromises sensitive and\r\npersonally identifiable information (PII) of over 100,000 victims, potentially impacting a vast number of people.\r\nThe alleged stolen data includes full names, passport details, dates of birth, phone numbers, email addresses,\r\nphysical addresses, and physical attributes.\r\nFurther details from Hackread revealed that the breach extends to more sensitive layers, including source code,\r\nuser manuals, and confidential communications between ICE agents and contractors. 
These documents encompass\r\ndiscussions on investigative techniques, insights into the Ukraine and Russia conflict, and information on global\r\nterrorism-related seminars, illustrating the breach’s potential impact on national security and intelligence\r\noperations.\r\nOne of the most alarming aspects of this incident is the method of the alleged breach. The threat actor claimed to\r\nhave exploited a critical zero-day vulnerability in GitHub, allowing them to steal GitHub tokens and further their\r\nmalicious activities. This points to the importance of robust cybersecurity measures and the need for constant\r\nvigilance against emerging threats and vulnerabilities.\r\nCustomer Database of Okta is Leaked\r\nThe SOCRadar Dark Web Team discovered a post on a hacker forum where a threat actor claims to have leaked\r\nthe Okta customer database, following a data breach in September 2023. This breach reportedly compromised the\r\npersonal and professional information of 3.8 thousand customer support users, including sensitive details like User\r\nIDs, names, contact information, and security parameters.\r\nFurther investigation using SOCRadar’s Threat Hunting module revealed that the dataset shared by the threat\r\nactor matches a database previously alleged to belong to the National Defense Information Sharing and Analysis\r\nCenter, which was published by a member of CyberNiggers in March 2023.\r\nDCRat Exploit Is on Sale\r\nThe SOCRadar Dark Web Team uncovered a post on a hacker forum indicating that a threat actor is offering a new\r\nalleged exploit for DCRat (also known as Dark Crystal) for sale. DCRat is a Remote Access Tool (RAT) that\r\ncan be used for malicious purposes, such as unauthorized access to victims’ computers, data theft, and deploying\r\nmalware. 
The exploit being sold purportedly allows an attacker to gain access to the host system merely by using a\r\nlink to the host, simplifying the process of infiltrating systems for malicious actors.\r\nUnauthorized VPN Access Sale is Detected for a French Software Company\r\nThe SOCRadar Dark Web Team detected a post on a hacker forum where a threat actor is advertising the sale of\r\nunauthorized VPN access. This access is purported to belong to a French software company with an annual\r\nrevenue of approximately $49.2 million. The details provided in the post suggest a significant security breach,\r\nemphasizing that the access being sold is through a VPN, along with domain user credentials.\r\nDatabases of Many Sectors in India are Leaked\r\nThe SOCRadar Dark Web Team detected a post on a hacker forum where a threat actor has announced a\r\nsignificant data leak impacting multiple sectors in India. According to the claim, the leaked databases collectively\r\namount to a substantial 10 gigabytes of data. This announcement has evidently attracted considerable attention\r\nwithin the cybercriminal community, as evidenced by the volume and tone of the comments under the post. These\r\ncomments reflect a high level of interest from other threat actors, though some express skepticism regarding the\r\nfreshness of the data, suspecting it might be outdated.\r\nPowered by DarkMirror™\r\nGaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence\r\nand digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging. One mistaken click can result in a malware bot infection. 
To tackle these challenges,\r\nSOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and\r\ngroups filtered by the targeted country or industry.\r\nSource: https://socradar.io/acuity-federal-breach-okta-leak-dcrat-exploit/",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"references": [
		"https://socradar.io/acuity-federal-breach-okta-leak-dcrat-exploit/"
	],
	"report_names": [
		"acuity-federal-breach-okta-leak-dcrat-exploit"
	],
	"threat_actors": [
		{
			"id": "d6519c33-32d0-4a3c-b5cd-930ce047c240",
			"created_at": "2024-04-19T02:00:03.615928Z",
			"updated_at": "2026-04-10T02:00:03.612469Z",
			"deleted_at": null,
			"main_name": "CyberNiggers",
			"aliases": [],
			"source_name": "MISPGALAXY:CyberNiggers",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434699,
	"ts_updated_at": 1775791758,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/a3e4d0fe63b62d188482f17573f2bc08109a7f26.pdf",
		"text": "https://archive.orkl.eu/a3e4d0fe63b62d188482f17573f2bc08109a7f26.txt",
		"img": "https://archive.orkl.eu/a3e4d0fe63b62d188482f17573f2bc08109a7f26.jpg"
	}
}