{ "id": "87c817e8-c07b-47e9-95d3-ab6788db3ae8", "created_at": "2026-04-06T00:16:29.115463Z", "updated_at": "2026-04-10T03:28:09.039971Z", "deleted_at": null, "sha1_hash": "cf0768a1dc3ec525a3d6262ff79ad3ec635c4edc", "title": "USDoD hacker behind National Public Data breach arrested in Brazil", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 3139402, "plain_text": "USDoD hacker behind National Public Data breach arrested in Brazil\r\nBy Lawrence Abrams\r\nPublished: 2024-10-16 · Archived: 2026-04-05 23:16:27 UTC\r\nA notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by\r\nBrazil's Polícia Federal in \"Operation Data Breach\".\r\nUSDoD, aka EquationCorp, has a long history of high-profile data breaches where he stole data and commonly leaked it on\r\nhacking forums while taunting the victims.\r\nThese breaches include those on the FBI's InfraGard, a threat information sharing portal, and National Public Data, where\r\nthe personal data and social security numbers of hundreds of millions of US citizens were leaked online.\r\nhttps://www.bleepingcomputer.com/news/security/usdod-hacker-behind-national-public-data-breach-arrested-in-brazil/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/usdod-hacker-behind-national-public-data-breach-arrested-in-brazil/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nUSDoD attempting to sell the National Public Data breach\r\nSource: HackManac\r\nHowever, it wasn't until the threat actor targeted cybersecurity firm CrowdStrike and leaked the company's internal threat\r\nactor list that things took a turn for the worse for him.\r\nSoon after leaking the IOC list, Brazilian publisher Techmundo received an anonymous report created by CrowdStrike that\r\nallegedly identified, or doxed, the threat actor, revealing he was a 33-year-old Brazilian named Luan BG. \r\nStrangely, USDoD confirmed that CrowdStrike's information was accurate in an interview with HackRead and said he was\r\ncurrently living in Brazil.\r\n\"So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already\r\ndoxed me even before the Infragard hack,\" USDoD told HackRead.\r\nLikely aided by this information, Brazil's Polícia Federal (PF) announced his arrest today in Belo Horizonte/MG.\r\n\"The Federal Police launched Operation Data Breach on Wednesday (16/10), with the aim of investigating invasions of the\r\nsystems of the Federal Police and other international institutions,\" reads the PF's press release.\r\n\"A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an\r\ninvestigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on\r\nFebruary 22, 2022.\"\r\n\"The prisoner boasted of being responsible for several cyber invasions carried out in some countries, claiming, on websites,\r\nto have disclosed sensitive data of 80,000 members of InfraGard, a partnership between the Federal Bureau Investigation -\r\nFBI and private critical infrastructure entities in the United States of America.\"\r\nIronically, the arrest was conducted under a law enforcement action named \"Operation Data Breach,\" which the police say\r\nwas named after the cyberattacks the threat actor was known for.\r\nhttps://www.bleepingcomputer.com/news/security/usdod-hacker-behind-national-public-data-breach-arrested-in-brazil/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/usdod-hacker-behind-national-public-data-breach-arrested-in-brazil/\r\nhttps://www.bleepingcomputer.com/news/security/usdod-hacker-behind-national-public-data-breach-arrested-in-brazil/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/usdod-hacker-behind-national-public-data-breach-arrested-in-brazil/" ], "report_names": [ "usdod-hacker-behind-national-public-data-breach-arrested-in-brazil" ], "threat_actors": [ { "id": "80edca9f-dcd6-491e-92f3-87ad1f575631", "created_at": "2023-10-14T02:03:14.694988Z", "updated_at": "2026-04-10T02:00:05.021046Z", "deleted_at": null, "main_name": "NetSec", "aliases": [ "NetSec", "Operation Data Breach", "ScarFace_TheOne", "USDoD" ], "source_name": "ETDA:NetSec", "tools": [], "source_id": "ETDA", "reports": null }, { "id": "82a51997-1402-41c3-86df-6f9e522b2ba8", "created_at": "2024-04-27T02:00:03.554045Z", "updated_at": "2026-04-10T02:00:03.63698Z", "deleted_at": null, "main_name": "USDoD", "aliases": [], "source_name": "MISPGALAXY:USDoD", "tools": [], "source_id": "MISPGALAXY", "reports": null } ], "ts_created_at": 1775434589, "ts_updated_at": 1775791689, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/cf0768a1dc3ec525a3d6262ff79ad3ec635c4edc.pdf", "text": "https://archive.orkl.eu/cf0768a1dc3ec525a3d6262ff79ad3ec635c4edc.txt", "img": "https://archive.orkl.eu/cf0768a1dc3ec525a3d6262ff79ad3ec635c4edc.jpg" } }