
USDoD (EquationCorp) falls


Once again a threat actor falls to misuse of emails. How hard is it to not link your cyber criminal email to fucking Instagram?

“USDoD”, aka “EquationCorp” or “NetSec”, initially started out as a hacktivist group, but they seem to have strayed from their initial goals pretty easily.

Since they identified as Brazilian back in the day, everyone assumed them to be untouchable. Shitholes like Iran, Brazil, and Cuba are a cesspool for threat actors, pretty much considered a safe haven for actors like USDoD. Old surveillance tech, non-extradition policies and chaotic societies are usually the key factors in the safety of a threat actor in a nation.

But humans are self-destructive in nature, so our Luan was also felled by his own hands (and shitty OpSec).

So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me even before the Infragard hack. I want to say thank you, it is time to admit I got defeated and I will retire my Jersey. Yes, this is Luan speaking. I won’t run, I’m in Brazil, the same city where I was born. I am a huge valuable target and maybe I will talk soon to whoever is in charge but everyone will know that behind USDoD I’m a human like everyone else, to be honest, I wanted this to happen, I can’t live with multiple lives and it is time to take responsibility for every action of mine and pay the price doesn’t matter how much it may cost me. This is not my end. Thank you, see you around. Don’t worry Brazilian authorities, I’m coming to meet you, I’m not a threat, in fact, I can do much for my country.

- Luan

OpSec is hard

And yet his downfall was surprisingly simple. It was so simple, in fact, that I’m mad that it was CrowdStrike who doxxed him and not me.

  • He used only one email, “Luanbgs22”, which he used to create multiple accounts in multiple forums.
  • HE MADE A FUCKING INSTAGRAM ACCOUNT WITH THAT EMAIL.
  • HIS INSTAGRAM BIO WAS THE SLOGAN OF EquationCorp.

He got arrested a couple of days ago.

“I Protect the hive. When the system is out of balance, I Correct”

- An arrested man

Important attacks

FBI InfraGard:

  • Breached the InfraGard portal, a partnership between the FBI and critical infrastructure companies.
  • Stole and leaked personal information of over 80,000 members, including names and contact details.

National Public Data Breach:

  • Leaked personal data of millions of U.S. citizens, including social security numbers.
  • Attempted to sell this breach on RaidForums.

CrowdStrike:

  • Leaked internal data from cybersecurity firm CrowdStrike, including their list of tracked threat actors and indicators of compromise (IOCs).
  • Sweet revenge, huh?

Airbus:

  • Allegedly stole sensitive data from Airbus.

TransUnion:

  • Targeted and leaked sensitive information from TransUnion (a major credit reporting agency).

Conclusion

If you plan to be a worldwide threat actor, try not to post about it on Instagram.