LockBit Claims It Hacked The US Federal Reserve

Uploaded on 2024-06-26 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

The LockBit cybercrime gang has claimed to have stolen an enormous database of 33 terabytes of confidential banking data from the US Federal Reserve, which includes sensitive banking information about American citizens.  

Although these claims sound far-fetched, the ransomware gang has warned the US government of a deadline, after which the allegedly stolen data could be leaked to the public.

If confirmed, the Federal Reserve breach would be one of the biggest banking hacks in US history. Being the central banking system of the country, the Federal Reserve operates 12 banking districts in major cities such as Boston, New York, Dallas, Chicago, and San Francisco.

LockBit has put the Federal Reserve on its Dark Web leak site on Sunday 23 June 2024, along with the demand the Fed appoint another negotiator after being low-balled in the ransom mediation. “You better hire another negotiator within 48 hours, and fire this clinical idiot who values American’s bank secrecy at $50,000”, the statement read.

The information included in the 33TB cache said to have been exfiltrated from the Federal Reserve was not confirmed in the listing, only that it includes confidential information of American banking. To date, the Federal Reserve has not confirmed the truth of the information or whether it was breached at the time of writing. 

Security experts are also casting doubt over LockBit's claims. In a message on X discussing the incident, cyber security researcher Dominic Alvieri commented “someone is mad” and expressed some scepticism about how legitimate LockBit’s claims are. Alvieri noted that without any real evidence it is more likely the group is “just blowing off steam”.

Thomas Richards, principal consultant at the Synopsys Software Integrity Group, said, "The ransomware groups try to intimidate and make their notoriety bigger than it is, even with how well known and successful Lockbit has been in the past year.  A statement from them would have caused concern within the US Federal Reserve until it was proven they did not access the systems."

In March this year the US Department of State announced a reward of $15 million for information leading to the arrest and/or conviction of any individual participating in a LockBit ransomware variant attack and for information leading to the identification and/or location of any key leaders of the LockBit ransomware. In May, LockBit’s official Dark Net website was siezed and then reactivated by international law enforcement following a Russian national, Dmitry Khoroshev, being  identified as the leading figure in the cybercrime group..

LockBit is known for claiming high-profile targets, which are often dismissed by the companies involved. 

In April 2023 the group announced it had breached Darktrace, a leading AI-driven cyber security company although these claims were swiftly rebutted by the company.

@AlvieriID    |   Techradar   |    ITPro   |    CyberWire   |   HackRead    |   @LockBit_News   |   CSO Online   

You Might Also Read: 

The Ransomware Threat Landscape Is Diversifying

___________________________________________________________________________________________

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 


 

« Hacker, Spy, Or Journalist?
The Rising Threat Of Deepfakes »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

First Response

First Response

First Response is a Cyber Incident Response and Digital Forensic Investigation company.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

Southwest Research Institute (SwRI)

Southwest Research Institute (SwRI)

Southwest Research Institute SwRI are R&D problem solvers providing independent services to government and industry clients. Areas of expertise include Cybersecurity, Intelligent Networks and IoT.

Proton Data Security

Proton Data Security

Proton Data Security is a certified small business specializing in the design, manufacturing and sales of data security products for permanent erasure of hard drives, tapes and optical media.

Spamhaus

Spamhaus

Spamhaus is the world leader in supplying realtime highly accurate threat intelligence to the Internet's major networks.

KeyData Associates

KeyData Associates

KeyData is a recognized leader in cybersecurity services specializing in Identity and Access Management (IAM), Customer Identity & Access Management (CIAM) and Privileged Access Management (PAM).

Charles IT

Charles IT

Charles IT is your friendly, no-nonsense IT team focused on helping companies make their technology work for them. We focus on building relationships that deliver results.

Imageware

Imageware

Imageware is a leader in biometric cybersecurity. Protect against costly, damaging ransomware hacks by employing biometric cybersecurity solutions.

HackNotice

HackNotice

HackNotice Teams is an all-in-one encompassing tool that monitors threats within your organization, different vendors, and third parties whose services you use.

Istari

Istari

ISTARI is a new kind of cyber risk management company. We’re an agile collective of best-in-class capabilities and experts, who build ongoing partnerships with clients.

ThrottleNet

ThrottleNet

ThrottleNet provides world-class managed IT services and cybersecurity to organizations in St. Louis and throughout Missouri.

Cranium

Cranium

AI is being implemented into every business process, but nobody knows whether their AI is secure. Our mission is to deliver security and trust to the AI revolution.

SecureClaw

SecureClaw

SecureClaw offers specialized cybersecurity consultation, various products, and a range of services to meet your company's business domain needs.

Sonar

Sonar

AI generated or written by humans, Sonar’s Clean Code Solutions cover your code quality needs, improving code reliability, maintainability, and security.

Screwloose IT

Screwloose IT

Screwloose IT are a national provider of information technology services. We specialise in managed IT, cloud services, cyber security, website design and digital marketing for businesses of all sizes.

Culminate

Culminate

Adopt AI with confidence in your SOC. Utilize human-AI teaming to conduct your investigations with unmatched accuracy and speed.