Cyber Threat Actor: Robert Murray
| Actor Type | Location | Known Incidents |
Criminal
|
United States of America
|
1 incident |
|---|
Profile
Robert Murray, also known as Ronald M. Murray Jr., is an individual threat actor based in the United States who gained public attention following a 2016 breach of a legacy University of New Mexico database. The compromised system contained personal information—including names, birth dates, social security numbers, addresses, and email addresses—for over 1,300 former students and employees of a now‑defunct College of Education program. After the intrusion, Murray allegedly used the stolen data to commit identity theft and fraud, leading to unauthorized financial transactions and the opening of accounts in victims’ names. He was subsequently arrested by law enforcement and held on a $100,000 cash‑only bond while investigations continued.
The actor’s targeting appears focused on educational institutions and the individuals associated with them, specifically exploiting outdated university records that retained social security numbers as identifiers. His observed actions were directed toward financial gain, as evidenced by a week‑long crime spree in Las Cruces where he fraudulently purchased three vehicles and merchandise totaling nearly $90,000 using false identifications. The charges filed against him—including multiple counts of identity theft, forgery, fraud, and fraudulent use of a credit card—underscore a motive centered on monetary profit rather than espionage or disruption.
In terms of tactics, Murray’s initial access involved hacking into the legacy UNM database, after which he exfiltrated data onto a flash drive recovered by police. He then employed the stolen personal information to fabricate driver’s licenses and bogus financial documents, which he used to execute fraudulent purchases and open unauthorized accounts. The use of physical storage media for data theft and the creation of counterfeit identification documents represent the primary tooling and methodological themes evident in the reported incident. No malware families or sophisticated intrusion tools are described in the available sources.
Attribution to any state sponsor, criminal consortium, or larger affiliate network is not established in the public record; the actor is portrayed as an individual operating independently. The most notable campaign linked to Murray is the UNM database breach and the subsequent identity‑theft fraud spree in Las Cruces, which resulted in significant financial losses for victims and prompted a university‑led response effort including credit monitoring and a victim assistance call center. Ongoing investigations at the time of reporting suggested the possibility of additional federal charges, but no further operations have been publicly attributed to him.
