Cyber Threat Actor: Nicholas Moore
| Actor Type | Location | Known Incidents |
Sensationalist
|
United States of America
|
3 incidents |
|---|
Profile
Nicholas Moore, also known by the alias Nicholas Moore, is an individual based in Tennessee, United States of America, who came to public attention after pleading guilty to computer fraud offenses in early 2023. He was identified as the perpetrator behind a series of unauthorized intrusions into several U.S. government systems, including the Supreme Court's electronic filing platform, the AmeriCorps computer servers, and the Department of Veterans Affairs' MyHealtheVet portal. The intrusions were carried out using illicitly obtained credentials, allowing him to access personal data belonging to the legitimate account holders. After gaining entry, he extracted screenshots of the compromised information and disseminated them publicly through an Instagram account operating under the handle @ihackedthegovernment. His actions exposed sensitive personal records belonging to multiple individuals, among them a Marine Corps veteran whose VA health account was compromised. The conduct was described in court filings as repeated breaches occurring over several days, during which he navigated the targeted networks to collect and exfiltrate data.
In the ensuing legal proceedings, Nicholas Moore admitted to one misdemeanor count of computer fraud related to the illicit access and disclosure of the obtained information. The plea agreement acknowledged that he had targeted additional government entities beyond those specifically named, although the court documents did not enumerate further victims. As a result of the guilty plea, he faces a statutory maximum sentence of one year of incarceration, reflecting the classification of the offense as a misdemeanor under federal computer fraud statutes. No evidence has been presented linking his activity to any state sponsor, organized criminal group, or ideological movement, and the public record characterizes him as an individual actor acting alone. The case illustrates how compromised credentials can be leveraged to infiltrate multiple federal platforms and how the subsequent disclosure of harvested data on social media can amplify the impact of such intrusions. The outcome underscores the applicability of existing computer fraud statutes to address credential‑based breaches that result in the public release of personal information.
