Menu
Browse

Cyber Threat Actor: Richard Liriano

Actor Type Location Known Incidents
 Icon
Insider - Disgruntled
United States of America
1 incident
Profile

Richard Liriano, also known by the alias Richard Liriano, is a former information technology employee who operated within the United States, specifically in the New York City area. He was employed at a hospital in that region and abused his administrative privileges from at least 2013 through 2018 to target coworkers, primarily female colleagues, for the purpose of obtaining and using their personal data for his own personal use. His actions were directed against the healthcare sector, focusing on a single institution where he had legitimate access, and resulted in the compromise of approximately seventy email accounts belonging to hospital staff or individuals associated with them. The actor’s strategic objective, as stated in court documents, was the personal acquisition of private information rather than financial gain, espionage, or disruption of services.

Liriano’s typical tactics involved the unauthorized installation of malicious software, notably a keylogger, on hospital computers to capture usernames and passwords as victims entered them. He then used these stolen credentials to log into the compromised accounts, accessing personal email, social media, cloud storage, and other password‑protected services where he exfiltrated documents such as tax records, personal photographs, and explicit media. The intrusions were carried out by exploiting his trusted IT position, requiring no external initial access vector beyond his legitimate administrative rights, and the tooling style consisted of readily available keylogger programs and manual navigation of victims’ online accounts. The activity caused over $350,000 in remediation costs for the hospital due to network damage and necessitated a comprehensive security overhaul following the discovery of the breach.

The conduct led to a federal prosecution spearheaded by the FBI and the Southern District of New York’s Office of the United States Attorney, resulting in Liriano pleading guilty to computer intrusion charges. He was sentenced to thirty months in federal prison by Judge Lewis A. Kaplan, with the case handled by the Complex Frauds and Cybercrime Unit. No public evidence links him to any state sponsor, criminal consortium, or larger hacking group; the incident is characterized as an insider threat perpetrated by an individual acting alone. The case remains a representative example of how privileged insider access can be misused to conduct prolonged credential theft and data exfiltration within a trusted environment.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source