Introduction
A shocking cybercrime case involving former federal contractors has revealed how insider threats continue to pose one of the greatest dangers to government infrastructure. A Virginia man has now been convicted after participating in a coordinated attack that resulted in the destruction of dozens of U.S. government databases shortly after he and his twin brother were fired from their jobs. The incident exposed major concerns about contractor oversight, privileged system access, and the growing risks associated with digital sabotage from trusted insiders.
The case also highlights a disturbing pattern. The two brothers had already served prison sentences years earlier for unauthorized access to U.S. government systems and identity theft. Despite that criminal history, they were later rehired into sensitive technology roles connected to federal agencies. Prosecutors say that after losing those jobs in February 2025, the brothers retaliated within hours by wiping critical systems, deleting records, and attempting to erase evidence of their activities.
The destruction reportedly affected nearly one hundred government databases and included sensitive investigative files and Freedom of Information Act records. Investigators also revealed that one of the brothers allegedly used an artificial intelligence assistant to ask how to clear system logs after the attack. The case has quickly become one of the most alarming insider cyber sabotage incidents in recent years.
Former Contractors Accused of Coordinated Digital Revenge
According to prosecutors, 34-year-old Sohaib Akhter and his twin brother Muneeb Akhter worked as contractors for a company that managed government-hosted data and supported more than 45 federal agencies. Their positions gave them access to critical infrastructure and sensitive databases stored on servers located in Ashburn, Virginia.
The company eventually discovered Sohaib Akhter’s prior felony conviction and terminated both brothers during a remote online meeting on February 18, 2025. Authorities claim that immediately after being fired, the brothers launched a retaliatory cyberattack against their employer and multiple government systems.
Investigators say the pair accessed protected computer systems without authorization, write-protected databases to prevent recovery attempts, and then began deleting records. Court documents allege that approximately 96 government databases were wiped within just a few hours.
Among the destroyed materials were sensitive investigative records tied to multiple federal agencies, including documents connected to ongoing government operations and Freedom of Information Act requests. Prosecutors described the attack as deliberate, organized, and highly destructive.
The Justice Department also revealed that after deleting a Department of Homeland Security database, the brothers allegedly used an AI assistant to search for ways to clear system logs and cover their tracks. Authorities say they later wiped company-issued laptops before returning them and discussed cleaning their house in anticipation of a law enforcement raid.
A History of Cybercrime Before the 2025 Attack
This was not the first time the Akhter brothers faced federal cybercrime charges. Back in 2016, both men pleaded guilty to illegally accessing U.S. State Department systems. Prosecutors at the time said they stole personal information belonging to co-workers as well as a federal law enforcement officer investigating their activities.
The brothers were sentenced to prison for those crimes. However, after completing their sentences, they managed to return to government contracting work despite their criminal background.
That detail has become one of the most controversial aspects of the case. Cybersecurity experts have questioned how individuals previously convicted of federal system intrusions regained access to infrastructure connected to dozens of U.S. agencies.
Authorities argue that the brothers exploited trusted access privileges rather than relying on sophisticated external hacking techniques. This made the attack especially dangerous because insider attacks often bypass traditional cybersecurity defenses.
Prosecutors Describe Widespread Damage
Federal investigators painted a serious picture during the trial. Prosecutors argued that the brothers intentionally caused operational disruption across government systems and attempted to permanently destroy digital evidence.
Inspector General Jennifer L. Fain of the FDIC Office of Inspector General stated that the defendants participated in unauthorized access operations, theft of credentials, and the destruction of sensitive government information.
Officials stressed that the case demonstrates how insider threats remain one of the hardest cybersecurity risks to detect and stop. Employees and contractors with elevated privileges can potentially bypass many security controls if monitoring systems and access management procedures are weak.
Authorities also emphasized that attempts to erase logs and destroy forensic evidence showed a clear effort to obstruct the investigation and complicate recovery efforts.
Potential Prison Sentences Could Be Severe
Sohaib Akhter is scheduled to be sentenced on September 9, 2026. He currently faces a maximum prison sentence of 21 years.
His twin brother Muneeb Akhter faces even more severe penalties. Prosecutors say he could receive up to 45 years in prison on charges that include computer fraud, conspiracy to destroy records, aggravated identity theft, and theft of U.S. government records.
The sentencing phase will likely focus heavily on the scale of damage caused to federal agencies and the potential national security implications connected to the destroyed data.
The AI Angle Raises New Cybersecurity Questions
One of the most talked-about elements in this case is the alleged use of artificial intelligence during the cleanup phase of the attack. Prosecutors claim the brothers used an AI assistant to ask how system logs could be erased after deleting government databases.
While AI tools themselves are not responsible for criminal actions, the incident reflects a growing concern inside the cybersecurity industry. Threat actors are increasingly experimenting with generative AI to accelerate attacks, automate research, and improve operational concealment.
Security analysts have repeatedly warned that AI systems can unintentionally assist malicious actors by rapidly providing technical guidance that once required specialized expertise or underground forums.
At the same time, defenders are also adopting AI-powered security monitoring tools to identify abnormal behavior, suspicious commands, and insider threats more quickly.
What Undercode Says:
The Akhter case exposes a dangerous reality that many organizations still underestimate: the insider threat problem is often more severe than external hacking campaigns. Companies spend millions protecting systems from foreign attackers while overlooking the risks created by trusted employees and contractors with privileged access.
This incident also demonstrates a major failure in contractor vetting and long-term access governance. The fact that individuals previously convicted of breaching federal systems later regained access to infrastructure supporting dozens of agencies raises serious questions about security clearance review processes and oversight mechanisms.
The rapid timeline of the attack is especially alarming. Prosecutors say nearly 100 databases were destroyed within hours after termination. That suggests the attackers retained powerful permissions even after the firing process began. In high-risk environments, account suspension and privilege revocation should happen instantly during employee termination procedures.
Another important issue is the use of write-protection before deletion. This indicates the attackers understood recovery operations and intentionally attempted to delay incident response. Such behavior reflects insider knowledge of infrastructure workflows rather than random sabotage.
The AI-related element of the case should also not be ignored. Although AI did not conduct the attack itself, it reportedly assisted the attackers in researching methods to erase evidence. This is likely only the beginning of a much larger trend where malicious insiders combine AI tools with privileged access to accelerate destructive operations.
Government agencies and private contractors may now face increased pressure to implement stricter zero-trust architectures. Under zero-trust models, no user is automatically trusted, even if they already have internal access. Continuous verification, behavioral monitoring, and segmented permissions become essential.
The case also reinforces the importance of immutable backups and recovery systems. If databases can be permanently destroyed by a small number of insiders, then disaster recovery planning is insufficient. Organizations need offline backups, real-time replication, and rapid rollback capabilities to survive these types of attacks.
Behavioral analytics may become a central defense mechanism moving forward. Modern security systems can flag unusual administrative commands, mass deletions, privilege escalations, or abnormal access patterns in real time. If such monitoring had been aggressively deployed, investigators might have detected the destructive activity earlier.
There is also a psychological dimension to insider attacks that organizations often fail to recognize. Employee terminations are among the highest-risk periods for sabotage incidents. Companies handling sensitive government data should have dedicated offboarding protocols involving immediate credential revocation, device lockdowns, and active monitoring.
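The two checks described above, offboarding-aware monitoring and mass-deletion detection, can be combined in one pass over a database audit log. The following is an added example, not code from the original article or from any product it mentions; the log format, account names, thresholds and the terminations feed are all assumptions, and the sample data is constructed.

```python
from datetime import datetime, timedelta

# Constructed sample data: accounts, times and statements are illustrative
# and are not taken from the case record.
TERMINATIONS = {"contractor_a": datetime(2025, 1, 6, 16, 0)}  # hypothetical HR feed

AUDIT_LOG = """\
2025-01-06T15:40:11 contractor_a SELECT * FROM cases LIMIT 10
2025-01-06T16:05:02 contractor_a ALTER DATABASE records_01 SET READ_ONLY
2025-01-06T16:06:30 contractor_a DROP DATABASE records_01
2025-01-06T16:07:10 contractor_a DROP DATABASE records_02
2025-01-06T16:08:45 contractor_a DROP DATABASE records_03
2025-01-06T16:20:00 dba_ops DROP DATABASE scratch_tmp
"""

DESTRUCTIVE = ("DROP ", "TRUNCATE ", "DELETE ")


def parse(log):
    """Yield (timestamp, account, statement) from 'ISO-time account statement' lines."""
    for line in log.splitlines():
        if line.strip():
            ts, user, stmt = line.split(" ", 2)
            yield datetime.fromisoformat(ts), user, stmt


def detect(log, terminations, burst=3, window=timedelta(minutes=10)):
    """Return alerts for post-termination activity and destructive bursts.

    Assumes the log is in chronological order.
    """
    alerts = []
    recent = {}  # account -> destructive-statement times still inside the window
    for ts, user, stmt in parse(log):
        fired_at = terminations.get(user)
        # Rule 1: any statement from an account at or after its termination time.
        if fired_at is not None and ts >= fired_at:
            alerts.append(("post_termination_activity", user, ts, stmt))
        # Rule 2: `burst` destructive statements by one account within `window`.
        if stmt.upper().startswith(DESTRUCTIVE):
            hits = [t for t in recent.get(user, []) if ts - t <= window] + [ts]
            recent[user] = hits
            if len(hits) == burst:  # alert once, when the threshold is reached
                alerts.append(("mass_deletion", user, ts, stmt))
    return alerts


if __name__ == "__main__":
    for kind, user, ts, stmt in detect(AUDIT_LOG, TERMINATIONS):
        print(f"{ts.isoformat()} {kind:<26} {user:<13} {stmt}")
```

Rule 1 fires on the first statement after the termination time, before any deletion occurs, which is why the offboarding feed matters more than the deletion threshold in this scenario.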
The broader cybersecurity industry will likely study this case for years because it combines multiple modern threat elements at once: insider access, government infrastructure exposure, credential abuse, anti-forensic activity, and AI-assisted operational concealment.
Another concerning detail is how quickly destructive actions escalated after the termination meeting. This suggests the attack may have been emotionally driven and premeditated. Security teams increasingly need to treat disgruntled insiders as serious operational threats rather than isolated HR problems.
This case may also influence future regulations involving federal contractors. Agencies could tighten background checks, limit contractor privileges, or require continuous risk reassessment for individuals with prior cybercrime convictions.
The long-term impact extends beyond the individuals involved. Every government contractor handling sensitive data may now face greater scrutiny from federal agencies and cybersecurity auditors.
Ultimately, the Akhter case is not just about two individuals deleting databases. It is a warning about systemic weaknesses in access management, insider threat detection, and digital trust within critical infrastructure environments.
Fact Checker Results
✅ Federal prosecutors confirmed that approximately 96 government databases were allegedly destroyed following the brothers’ termination.
✅ Court documents stated the defendants previously pleaded guilty in 2016 to unauthorized access involving U.S. State Department systems.
❌ There is currently no public evidence suggesting foreign nation-state involvement in the attack.
Prediction
🔮 Insider-threat monitoring technologies will become a much larger priority for federal contractors over the next two years.
🔮 AI-assisted cybercrime investigations will likely increase as authorities examine how attackers use generative AI during intrusions and evidence destruction.
🔮 Government agencies may introduce stricter contractor access controls and faster credential revocation procedures after high-risk employee terminations.
References:
Reported By: www.bleepingcomputer.com




