The US Environmental Protection Agency (EPA) allegedly had its global contact list of critical infrastructure contacts stolen and posted on a data leak forum.
Attackers posted the EPA’s list during the weekend, claiming that it contains all contact information the US environment watchdog has for critical infrastructure facilities all over the world.
The dataset, which supposedly holds a whopping 15 million data points on 8.5 million individuals, includes names, surnames, email addresses, phone numbers, job titles, and company names.
We have reached out to EPA for comment but did not receive a response before publishing.
The Cybernews research team has looked at the data sample attackers included in the post and concluded that the posted information appears to be legitimate. However, the latest data point included in the leaked dataset is from 2016.
The dataset was uploaded by an attacker known as “USDoD,“ who has claimed responsibility for several high-profile hacks such as Airbus, Deloitte, NATO, CEPOL (European Union Agency for Law Enforcement Training), Europol, and Interpol.
“Today, I’m proud to say that I’m releasing the epa.gov database contact list. This is their entire contact of Critical Infra not only for the USA but for the entire globe,” reads the attacker’s post.
The threat actor suggests he’s got three databases that weigh 3GB when compressed.
While the information is not recent, attackers could still use it for targeted phishing attacks. If successful, phishing attacks could grant threat actors access to critical infrastructure facilities.
For example, in the past, “USDoD” claimed to have accessed Airbus by compromising a Turkish Airlines employee account.
The EPA is an independent agency of the US that’s responsible for environmental protection. It’s headquartered in Washington, DC, and employs over 14,000 staff.
Your email address will not be published. Required fields are markedmarked