Former Government Contractor Convicted for Wiping Dozens of Federal Databases
What Happened — A former federal contractor, Sohaib Akhter, and his twin brother Muneeb Akhter were convicted of conspiring to destroy roughly 96 government databases after being terminated in February 2025. The brothers accessed privileged systems, write‑protected the data, deleted the records within hours, and attempted to erase system logs.
Why It Matters for TPRM —
- Insider threats can materialize instantly after termination, bypassing traditional perimeter defenses.
- Destruction of government‑hosted data demonstrates the need for robust off‑boarding and continuous monitoring of privileged accounts.
- Supply‑chain partners that host or process sensitive data must enforce immutable logging and tamper‑evident controls.
Who Is Affected — Federal agencies (45+), contractors handling government data, and any third‑party cloud‑hosting providers.
Recommended Actions —
- Review and harden off‑boarding procedures for all privileged users.
- Deploy immutable audit logs and real‑time alerting for privileged actions.
- Enforce least‑privilege access and multi‑factor authentication for remote contractors.
- Conduct periodic insider‑threat simulations and tabletop exercises.
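One way to act on the off-boarding and real-time alerting recommendations above, as an added example that is not from the source article: correlate HR termination times with a privileged audit trail and alert on any activity by a terminated account. The log format, account names, action labels and timestamps are constructed for illustration.

```python
from datetime import datetime, timezone

# Constructed sample data: accounts, timestamps and action names are hypothetical.
TERMINATIONS = {"contractor_a": datetime(2030, 1, 15, 16, 50, tzinfo=timezone.utc)}
AUDIT_LOG = """\
2030-01-15T15:10:44Z contractor_a SELECT db_cases
2030-01-15T16:55:02Z contractor_a SET_READ_ONLY db_cases
2030-01-15T16:58:31Z contractor_a DROP_DATABASE db_cases
2030-01-15T17:03:09Z contractor_a CLEAR_LOG system_events
2030-01-15T17:04:40Z contractor_a LOGIN vpn_gateway
2030-01-15T17:05:00Z dba_oncall BACKUP db_reports
"""
# Actions that lock, destroy or hide data get the highest severity.
DESTRUCTIVE = {"SET_READ_ONLY", "DROP_DATABASE", "DELETE", "CLEAR_LOG"}


def parse_event(line):
    """Split one 'timestamp account action target' line into typed fields."""
    stamp, account, action, target = line.split()
    when = datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return when, account, action, target


def post_termination_alerts(log_text, terminations):
    """Return one alert per event issued by an account at or after its termination."""
    alerts = []
    for line in filter(str.strip, log_text.splitlines()):
        try:
            when, account, action, target = parse_event(line)
        except ValueError:
            # A malformed record in an audit trail is itself worth a look.
            alerts.append({"severity": "review", "raw": line})
            continue
        cutoff = terminations.get(account)
        if cutoff is None or when < cutoff:
            continue  # active account, or activity before off-boarding
        alerts.append({
            "severity": "critical" if action in DESTRUCTIVE else "high",
            "account": account, "action": action, "target": target,
            "minutes_after_termination": int((when - cutoff).total_seconds() // 60),
        })
    return alerts


if __name__ == "__main__":
    for alert in post_termination_alerts(AUDIT_LOG, TERMINATIONS):
        print(alert)
```

In production the termination feed would come from the HR or identity system and the alerts would be written to a log store the monitored accounts cannot modify.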
Technical Notes — The attackers leveraged stolen credentials from their former employer, used write‑protect commands to lock databases, and executed deletion scripts. No public CVE was involved; the attack vector was insider credential misuse.
Source: BleepingComputer