Musk’s Department Suspected of Cyber Operation Against U.S. Federal Agency in Favor of Russia

The U.S. department DOGE, led by Elon Musk, is suspected of organizing a large-scale leak of confidential databases to unknown recipients in Russia.

The details of the incident were revealed by a government official in a joint statement with the human rights organization Whistleblower Aid.

Daniel Berulis, a cybersecurity expert and security developer at the National Labor Relations Board, informed the U.S. Congress about a covert cyber operation against his agency, which was allegedly organized by the Department of Government Efficiency (DOGE).

In early March, the employees of the department arrived at the headquarters of the National Labor Relations Board, which handles labor complaints and has access to classified information, to audit the agency for compliance with the new government’s policy on cost-cutting and efficiency growth. However, from the outset, National Board employees were alarmed by the requests and actions of the department’s team.

DOGE employees gained full control over the agency’s cloud infrastructure in the Azure data storage and processing service, where they were granted elevated access — even higher than the agency’s IT director.

External specialists immediately disabled logging (activity logs), meaning that all actions of DOGE were not documented and, in fact, were untraceable. After that, security systems that were supposed to record suspicious activity were turned off, along with multi-factor authentication, significantly reducing the system’s security.

To carry out their work, Musk’s department employees used external tools that are typically not used in government institutions, such as those for automating requests and bypassing restrictions.

Security personnel at the National Labor Relations Board noticed unusual activity: about 10 GB of data was extracted from the agency’s database servers. Cloud resource costs increased by 8%, which may indicate the use of powerful but short-term computing resources for data theft.

The worst part: 15 minutes after the creation of DOGE accounts, someone from Russian IP addresses attempted to log into the system using their usernames and passwords. This directly suggests either a breach of DOGE’s devices or the intentional transfer of data to external users.

Consequences of the Incident

An independent federal agency investigates and makes decisions regarding complaints about unfair working conditions. It holds a large amount of confidential data about employees, labor unions, ongoing lawsuits, and corporate secrets.

Labor law experts fear that this data could be misused, including by private companies involved in cases with the agency, in order to obtain information about the sources of complaints, union leadership, legal strategies, and internal data on competitors, including Musk’s SpaceX. According to them, this could also intimidate whistleblowers who might speak out about unfair labor practices.

Berulis reported that after the disclosure, he had found a drone photo of himself on his door, along with a threat. Even after all this, U.S. cybersecurity services were not involved. The investigation was halted at a high level.