NFCU A.I CyberSecurity Scoring
NFCU
Company Information
Website:http://www.navyfederal.org
Employees number:24,598
Number of followers:178,753
NAICS:52
Industry Type:Financial Services
Homepage:navyfederal.org
NFCU Risk Score (AI oriented)
Between 700 and 749
NFCUFinancial Services
Updated:
02/04/2026
02/04/2026
715/1000
Moderate
Ba
NFCU Global Score (TPRM)
xxxx
NFCUFinancial Services
Score locked

NFCUModerate
Current Score
715Ba (MODERATE)
01000
2 incidents
-38.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
720
JUNE 2026
718
MAY 2026
717
APRIL 2026
716
MARCH 2026
715
FEBRUARY 2026
713
JANUARY 2026
712
DECEMBER 2025
727
Cyber Attack
01 Dec 2025 • NFCU
Navy Federal Credit Union, USAA, Citibank, Fidelity Investments and Wells Fargo: Operation DoppelBrand: Weaponizing Fortune 500 Brands
Operation DoppelBrand: Sophisticated Phishing Campaign Targets Fortune 500 Firms
709
CRITICAL-18
CITWELNAVUSAFID1771266975
Operation DoppelBrand: Sophisticated Phishing Campaign Targets Fortune 500 Firms
An elusive cyberthreat group known as GS7 has been running Operation DoppelBrand, a large-scale phishing campaign targeting Fortune 500 companies, financial institutions, and high-value entities worldwide. First observed between December 2025 and January 2026, the operation leverages near-perfect replicas of corporate login portals to steal credentials and deploy remote management and monitoring (RMM) tools for further exploitation.
### Key Details of the Campaign
- Targets: Primarily U.S.-based financial institutions including Wells Fargo, USAA, Navy Federal Credit Union, Fidelity Investments, and Citibank alongside technology, healthcare, and telecommunications firms in Europe and other regions.
- Tactics: GS7 registers over 150 malicious domains via registrars like NameCheap and OwnRegistrar, routing traffic through Cloudflare to evade detection. Attackers exfiltrate stolen data usernames, passwords, IP addresses, geolocation, device fingerprints, and timestamps to Telegram bots controlled by the group.
- Infrastructure: The group has operated since at least 2022, with claims of activity dating back nearly a decade. Researchers linked GS7 to Brazilian cybercrime forums, where stolen credentials and financial data are traded.
- Impact: Beyond credential theft, GS7 installs RMM tools on victim systems, enabling remote access or malware deployment. The campaign’s sophistication including rotating infrastructure and meticulous branding mimicry has allowed it to evade detection until now.
### Researcher Findings
Security firm SOCRadar uncovered the operation, identifying a Telegram group ("NfResultz by GS") tied to the threat actor. A self-proclaimed GS7 member provided screenshots of past campaigns, including a Fidelity Investments phishing demo that triggered RMM tool downloads upon login. SOCRadar released TTPs (tactics, techniques, and procedures) and IoCs (indicators of compromise) to help defenders track the group’s activities.
With English-speaking markets as the primary focus, GS7’s DoppelBrand campaign remains active, underscoring the growing threat of highly organized, financially motivated phishing operations.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2025
727
OCTOBER 2025
726
SEPTEMBER 2025
783
Breach
05 Sep 2025 • NFCU
Navy Federal Credit Union (NFCU)
Unprotected Database Exposure at Navy Federal Credit Union (NFCU)
724
HIGH-59
NAV0465604090625
Cybersecurity researcher Jeremiah Fowler discovered an unprotected 378 GB database belonging to Navy Federal Credit Union (NFCU), exposed publicly without encryption or password protection. The breach revealed sensitive internal files, including operational metadata, hashed passwords, system logs, plain-text usernames/emails, and Tableau workbooks containing database connection details, financial formulas, and loan portfolio metrics. While no direct customer data (e.g., account numbers, SSNs) was exposed in plain text, the leaked internal details—such as employee credentials, system architectures, and business intelligence—create severe risks. Attackers could exploit this information for phishing, credential stuffing, or supply-chain attacks, potentially escalating access to member data or financial systems. The incident underscores systemic vulnerabilities in third-party handling of sensitive data, though NFCU secured the database after discovery. The exposure, while not immediately catastrophic, provides cybercriminals with a roadmap for deeper intrusions, threatening long-term operational and member security.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
AUGUST 2025
783
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for NFCU ??
What was NFCU's A.I Rankiteo Cyber Score in June 2026 ??
What was NFCU's A.I Rankiteo Cyber Score in May 2026 ??
What was NFCU's A.I Rankiteo Cyber Score in April 2026 ??
What was NFCU's A.I Rankiteo Cyber Score in March 2026 ??
What was NFCU's A.I Rankiteo Cyber Score in February 2026 ??
What was NFCU's A.I Rankiteo Cyber Score in January 2026 ??
What was NFCU's A.I Rankiteo Cyber Score in December 2025 ??
What was NFCU's A.I Rankiteo Cyber Score in November 2025 ??
What was NFCU's A.I Rankiteo Cyber Score in October 2025 ??
What was NFCU's A.I Rankiteo Cyber Score in September 2025 ??
What was NFCU's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on NFCU's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with NFCU ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view NFCU's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?