Full Report
Diogo Santos Coelho (aka “Omnipotent” of RaidForums) was arrested in January 2022 in the U.K. when he traveled there to visit his mother. For the past 3+ years, he has been in limbo while both the U.S. and Portugal seek his extradition. It has not been a straightforward matter legally. Far from it, actually. The...
Analysis Summary
# Threat Actor: Diogo Santos Coelho (a.k.a. "Omnipotent")
## Attribution & Identity
* **Identified Individual:** Diogo Santos Coelho.
* **Known Aliases:** "Omnipotent."
* **Associated Group:** Associated with running **RaidForums**.
## Activity Summary
The summary focuses on the ongoing legal and extradition status of Diogo Santos Coelho rather than a specific cyber campaign.
* Arrested in January 2022 in the U.K. after traveling there.
* Subject to competing extradition requests from the **United States** (based on alleged crimes related to operating RaidForums) and **Portugal** (Coelho is a Portuguese national, and the warrant includes offenses affecting Portuguese entities/residents).
* The immediate context is a U.K. High Court ruling that **quashed** the Secretary of State for the Home Department's (SSHD) decision that favored extradition to the U.S.
* The court affirmed Coelho's right to present representations regarding his preference for extradition to Portugal before a new decision is made.
## Tactics, Techniques & Procedures
This information is inferred from the predicate offenses behind the extradition requests, not from directly observed APT techniques:
* Running and operating cyber forums (RaidForums).
* Alleged involvement in money laundering and tax fraud (as cited in the Portuguese warrant).
* **Legal/Procedural Tactics (Defense):** Utilized legal avenues to challenge extradition fairness, arguing procedural unfairness, mistake of fact, human rights concerns, mental health issues, and local ties.
## Targeting
* **Sectors:** Pertains primarily to law enforcement and judicial bodies in the UK, US, and Portugal. The original underlying activity related to RaidForums likely targeted a broad range of entities from which data was allegedly breached or sold.
* **Geography:** The extradition proceedings are taking place in the United Kingdom (London). The original alleged crimes span the US and Portugal.
* **Victims:** The Portuguese state and Portuguese entities/residents are explicitly mentioned as victims in connection with the Portuguese warrant. Victims related to the US request (derived from RaidForums activities) are not specified in detail but are implied to exist.
## Tools & Infrastructure
* **Malware Families Used:** None explicitly mentioned in the context of the extradition summary.
* **Infrastructure (C2, domains, IPs):** Associated with running the platform **RaidForums**. No specific technical infrastructure details (IPs/domains) are provided in this purely legal summary.
## Implications
The High Court ruling delays the US extradition and forces the SSHD to conduct a fairer review, potentially allowing Coelho to return to Portugal to face trial for offenses allegedly committed while he was a child there. This sets a procedural precedent favoring the right to be heard in complex extradition cases involving competing international requests and personal circumstances.
## Mitigations
Mitigations are focused on procedural fairness in international legal proceedings for extradition cases involving competing sovereign requests:
* Ensure procedural fairness by allowing claimants to present full representations to the decision-maker (e.g., the Secretary of State).
* Thorough factual verification: Decision-makers must not rely on inaccurate information (e.g., regarding the identity or scope of offenses or victim locations).
* Consider all relevant subjective factors, including personal ties, health, and the nature/seriousness of charges across competing jurisdictions.