USFG A.I CyberSecurity Scoring
USFG
Company Information
Website:https://www.usa.gov
Employees number:4,300
Number of followers:10,486
NAICS:92
Industry Type:Government Administration
Homepage:usa.gov
USFG Risk Score (AI oriented)
Between 0 and 549
USFGGovernment Administration
Updated:
05/05/2026
05/05/2026
307/1000
Critical
C
USFG Global Score (TPRM)
xxxx
USFGGovernment Administration
Score locked

USFGCritical
Current Score
307C (CRITICAL)
01000
5 incidents
-20 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
331
JUNE 2026
316
MAY 2026
307
APRIL 2026
297
MARCH 2026
293
FEBRUARY 2026
282
JANUARY 2026
276
DECEMBER 2025
262
NOVEMBER 2025
251
OCTOBER 2025
248
SEPTEMBER 2025
258
Cyber Attack
29 Sep 2025 • USFG
U.S. Federal Government (Representative Moolenaar's office and associated entities)
APT41 Impersonation Attack Targeting Representative Moolenaar During U.S.-China Trade Talks
238
HIGH-20
UNI1153111110725
APT41, a state-sponsored advanced persistent threat group linked to China, impersonated Representative Moolenaar via a spear-phishing email targeting trade groups and law firms during U.S.-China trade negotiations. The attack involved a malicious draft proposal attachment soliciting input, exploiting recipients' trust in Moolenaar’s authority to gather strategic insights, policy feedback, and potentially sensitive trade-related intelligence. The emotional manipulation—leveraging flattery and perceived exclusivity—heightened the attack’s credibility. While no explicit data breach (e.g., financial or PII theft) was confirmed, the operation aimed to compromise confidential trade discussions, undermining U.S. negotiation leverage. The incident underscored vulnerabilities in federal email security, particularly against AI-enhanced impersonation attacks, and highlighted gaps in BOD 18-01 compliance (SPF/DKIM/DMARC) and zero-trust adoption. The attack’s timing and targeting of high-profile stakeholders elevated risks of geopolitical espionage and reputational damage to U.S. trade policy integrity.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
AUGUST 2025
249
JULY 2025
756
Ransomware
01 Jul 2025 • USFG
Government 911 Emergency System: Latvian Cybercriminal Jailed for Role in Multi-Million Dollar Ransomware Scheme
Latvian Cybercriminal Sentenced for Role in Major Ransomware Operation
229
CRITICAL-527
UNI1777983923
Latvian Cybercriminal Sentenced for Role in Major Ransomware Operation
A Latvian national, Deniss Zolotarjovs, has been sentenced to 102 months in prison for his involvement in a Russian-linked ransomware syndicate that targeted over 54 companies worldwide between June 2021 and August 2023. The sentencing, announced by the U.S. Department of Justice, marks a key victory in dismantling international cybercrime networks.
Zolotarjovs played a central role in the group’s extortion operations, which operated under multiple ransomware brands, including Conti, Karakurt, Royal, TommyLeaks, SchoolBoys Ransomware, and Akira. His primary responsibility was escalating pressure on victims who resisted ransom demands by analyzing stolen data and leveraging sensitive information to force compliance. In one case, he exploited children’s health records from a pediatric healthcare provider, threatening to leak or sell the data if payments were not made. Court documents reveal he distributed sensitive records to hundreds of patients to amplify fear.
The financial impact of the group’s attacks was severe. 13 companies reported losses exceeding $56 million, including $2.8 million in ransom payments, while 41 additional victims are believed to have paid around $13 million. Authorities estimate the total financial damage could reach hundreds of millions, factoring in underreported incidents. Beyond monetary losses, the attacks exposed Social Security numbers, healthcare records, and personal data, with one incident disabling a government 911 emergency system, raising public safety concerns.
The ransomware operation functioned as a highly organized criminal enterprise, with members based primarily in Russia, including an office in St. Petersburg. Investigators found the group used shell companies across Russia, Europe, and the U.S. to obscure its activities. Some members had ties to former Russian law enforcement, enabling access to databases, intimidation tactics, and recruitment efforts while evading scrutiny through bribes and corruption.
Zolotarjovs was arrested in Georgia in December 2023 and extradited to the U.S. in August 2024 after contesting the process. In July 2025, he pleaded guilty to conspiracy to commit money laundering and wire fraud. The case was led by the FBI, with support from international partners, underscoring law enforcement’s cross-border efforts to track cybercriminals.
Authorities continue to investigate related actors and networks as part of broader efforts to disrupt global ransomware operations. The sentencing highlights the persistent threat posed by such groups to businesses and critical infrastructure.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
JANUARY 2025
754
Breach
01 Jan 2025 • USFG
Tencent, MySpace, Twitter, Weibo, Canva, Adobe, Deezer, AdultFriendFinder, U.S. Government and Brazil Government: The 12-Terabyte Ghost: How a Record-Shattering Data Leak Is Arming a New Generation of Cyberattacks
Mother of All Breaches (MOAB)
489
CRITICAL-265
TENMYSTWITENCANADODEEFRIUNIBRA1769520245
The "Mother of All Breaches": 26 Billion Records Exposed in Unprecedented Data Leak
Security researchers have uncovered what may be the largest compilation of stolen credentials in history a 12-terabyte database dubbed the "Mother of All Breaches" (MOAB), containing 26 billion records from thousands of prior data leaks. Discovered by researcher Bob Dyachenko of SecurityDiscovery.com in collaboration with Cybernews, the dataset was found on an open, publicly accessible server, though its owner remains unknown.
Unlike a single hack, the MOAB is a "compilation of breaches" (COB), aggregating credentials from major platforms, including:
- 1.5 billion records from Tencent
- 504 million from Weibo
- 360 million from MySpace
- 281 million from Twitter (X)
- Millions more from LinkedIn, Adobe, Canva, Deezer, AdultFriendFinder, and others
The dataset also includes records from government organizations in the U.S., Brazil, Germany, the Philippines, and Turkey, amplifying risks for both individuals and enterprises.
### Why This Breach Is a Game-Changer
The MOAB’s danger lies in its consolidation and accessibility. Instead of scattered leaks, attackers now have a single, searchable repository for credential stuffing, phishing, and targeted attacks. While many passwords are outdated, the sheer volume ensures some will still work especially given widespread password reuse.
Worse, experts warn the dataset may include fresh data from infostealer malware, which harvests current credentials, browser cookies, and autofill details. This hybrid threat combining historical breaches with live infections creates a highly effective tool for cybercriminals, from low-level fraudsters to initial access brokers (IABs) selling corporate network access to ransomware gangs.
### The Fallout: A New Era of Cyber Risk
The MOAB’s impact extends beyond individuals. Corporate and government networks are at heightened risk due to employees reusing passwords across personal and work accounts. A single compromised credential could provide attackers with a foothold for devastating intrusions.
Security experts emphasize that password-only authentication is now obsolete against such a vast dataset. The breach underscores the urgent need for multi-factor authentication (MFA), particularly phishing-resistant methods like FIDO2 security keys. Continuous monitoring of credentials against breach databases is also critical.
With the data now in the wild, the MOAB will fuel cyberattacks for years, marking a sobering shift in the threat landscape. The leak serves as a stark reminder: once exposed, data never truly disappears it only becomes more dangerous.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
Breach
01 Jan 2025 • USFG
Experian, Equifax, U.S. Government and Internal Revenue Service: Social Security data breach raises identity theft risk for millions
Unauthorized Social Security Data Access Raises Identity Theft Risks for Millions
489
CRITICAL-265
EXPEQUUNIIRS1769265453
Unauthorized Social Security Data Access Raises Identity Theft Risks for Millions
The Trump administration recently acknowledged in a court filing that U.S. agents accessed and shared sensitive Social Security data without authorization, following whistleblower allegations and a lawsuit claiming the information was misused for political purposes. While the full scope of the exposure remains unclear, cybersecurity and privacy experts warn that the breach underscores a persistent threat: Social Security numbers (SSNs) are among the most valuable tools for identity thieves, enabling fraud that often goes undetected until financial or tax-related damage occurs.
Experts emphasize that even limited exposure of SSNs can lead to severe consequences, including fraudulent credit applications, tax refund theft, medical identity theft, and unauthorized account takeovers. Criminals may use stolen data to file bogus insurance claims, manipulate medical records, or open new financial accounts activity that may not appear on traditional credit reports. Former federal prosecutor and privacy advocate Loewry noted that financial crimes rarely originate from credit reports, making proactive monitoring of bank, investment, and retirement accounts critical.
To mitigate risks, experts recommend several immediate steps:
- Freezing credit at all three major bureaus (Equifax, Experian, TransUnion) and the National Consumer Telecom & Utilities Exchange (NCTUE), which is used for telecom and utility approvals.
- Establishing an online Social Security account to prevent criminals from redirecting benefit payments.
- Obtaining an IRS Identity Protection PIN to block fraudulent tax filings.
- Enabling two-factor authentication on financial and online accounts.
- Monitoring the dark web for signs of exposed personal data, such as SSNs or email addresses.
The breach highlights broader vulnerabilities in how SSNs are stored and accessed, with experts advising consumers not to wait for confirmation of exposure before taking protective measures. Given the long-term risks including fraud that may surface years after initial exposure vigilance across all financial and medical accounts is essential.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
NOVEMBER 2022
769
Cyber Attack
01 Nov 2022 • USFG
United States Federal Government
U.S. Federal Network Cyberattack
743
CRITICAL-26
UNI1045221122
The U.S. Cybersecurity Infrastructure and Security Agency discovered a potential cyberattack on the U.S. Federal network, in which attackers have taken control of the organization's DC and used cryptominers and credential harvesters.
The attack, according to CISA, was started by hackers supported by the Iranian government who installed the XMRig crypto mining software, moved laterally to the domain controller (DC), stole passwords, and then placed Ngrok reverse proxies on a number of sites to ensure persistence.
With the aid of EINSTEIN, an intrusion detection system deployed across the FCEB, CISA conducts a routine investigation and suspected harmful APT activity on the FCEB network (IDS).
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for USFG ??
What was USFG's A.I Rankiteo Cyber Score in June 2026 ??
What was USFG's A.I Rankiteo Cyber Score in May 2026 ??
What was USFG's A.I Rankiteo Cyber Score in April 2026 ??
What was USFG's A.I Rankiteo Cyber Score in March 2026 ??
What was USFG's A.I Rankiteo Cyber Score in February 2026 ??
What was USFG's A.I Rankiteo Cyber Score in January 2026 ??
What was USFG's A.I Rankiteo Cyber Score in December 2025 ??
What was USFG's A.I Rankiteo Cyber Score in November 2025 ??
What was USFG's A.I Rankiteo Cyber Score in October 2025 ??
What was USFG's A.I Rankiteo Cyber Score in September 2025 ??
What was USFG's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on USFG's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with USFG ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view USFG's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?