Menu
Browse

Cyber Threat Actor: John Binns

Actor Type Location Known Incidents
 Icon
Hacker
United States of America
1 incident
Profile

John Binns is an alias used by a threat actor known to operate from the United States of America. The only publicly available information ties this actor to a single intrusion against a telecommunications provider located in the United States. No other sectors or geographic regions have been explicitly linked to the actor in open sources. Consequently, any description of the actor’s typical targeting is limited to the telecommunications industry within the United States.

The intrusion attributed to John Binns began with a malicious attack against the email vendor used by the telecommunications company. By compromising the vendor, the actor gained unauthorized access to the employee email accounts of the target organization. From those accounts, the attacker exfiltrated a range of personal data including names, addresses, phone numbers, account details, billing information, and for some individuals Social Security numbers, financial account data, or government identifiers. No specific malware families, custom tools, or post‑exploitation frameworks were disclosed in the public reporting of this incident.

The March 3, 2020 compromise marked the second known email‑related breach for the telecommunications firm within a short period, following an earlier incident that affected prepaid service customers. After discovering the unauthorized access, the company issued SMS notifications to affected customers advising them to change their personal identification numbers. The breach exposed both current and former customer information, though the total number of impacted individuals was not disclosed by the organization. This event remains the sole publicly documented operation associated with the alias John Binns.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources