DugganUSA LLC is a cybersecurity company based in Minnesota that builds AI-powered threat intelligence tools. Our platform indexes over 1 million indicators of compromise (IOCs), 400,000+ DOJ Epstein documents, and provides a free STIX 2.1 threat feed consumed by Fortune 500 companies and defense contractors.

Butterbot is DugganUSA's AI-powered security chatbot with 40+ tools for searching IOCs, correlating threat indicators, traversing threat graphs, analyzing behavioral patterns, and running CARVER risk assessments. It uses OpenAI function calling with Meilisearch-backed indexes.

What is AIPM (AI Presence Management)?

AIPM is a tool that audits how AI models (GPT, Claude, Gemini, Perplexity) perceive and recommend your brand. It calculates an AIPM-NPS score by directly querying AI models, analyzes your website structure for AI crawler readiness, and provides optimization recommendations. Think 'SEO for the LLM era.'

Is the Epstein Files search free?

Yes. The Epstein Files Search at epstein.dugganusa.com offers a free tier with 500 queries per day. It covers all 12 DOJ EFTA datasets (400K+ documents), 2M+ ICIJ offshore entities, and 2M+ federal decisions. Professional and enterprise tiers are available for researchers and journalists needing higher limits.

Who founded DugganUSA?

DugganUSA was founded by Patrick Duggan on December 1, 2025, in Minnesota. Patrick's background includes Dell EMC, Palo Alto Networks, and embedded work at Microsoft on JEDI/Azure Stack. The company's D-U-N-S number is 14-363-3562.

What is the DugganUSA STIX feed?

DugganUSA operates a free STIX 2.1 threat intelligence feed at analytics.dugganusa.com/api/v1/stix-feed. It contains 1M+ indicators of compromise including botnet C2s, malicious IPs, and attack infrastructure. The feed is TAXII 2.1 compliant and is consumed by major organizations including Microsoft, AT&T, Amazon, and defense contractors.

Salt Typhoon Goes to Washington

Patrick Duggan
Jan 9
2 min read

The Breach

Salt Typhoon—the MSS-backed threat group that compromised eight US telcos last year—has expanded its reach to the US House of Representatives.

House China Committee
Foreign Affairs
Intelligence
Armed Services

Staff emails on all four committees were accessed. The breach was discovered in December and disclosed January 7.

The Pattern

This isn't a new campaign. It's the same one.

Date	Target	Access
2024	T-Mobile, Verizon, AT&T, Lumen	Call metadata, unencrypted comms
2025	European telcos	Network infrastructure
Jan 2026	US Congress	Staff email systems

Salt Typhoon doesn't do smash-and-grab. They do persistent access to communications infrastructure. Telcos were phase one. Congress is phase two.

What They Can Do

From prior telco compromises, Salt Typhoon has:

Access to unencrypted phone calls and texts of "almost every American"
Voicemail access
Email access (now including congressional staff)
Call metadata showing who talks to whom

When you own the pipes, you own the conversations.

The Response

China's embassy (spokesperson Liu Pengyu): > "We firmly oppose the US side making unfounded speculation and accusations, using cyber security to smear and slander China."

Standard denial. Meanwhile, four committees responsible for China policy, foreign affairs, intelligence oversight, and military matters are compromised.

Why It Matters

Congressional staff on these committees handle:

Classified briefing materials
Policy drafts on China relations
Intelligence community coordination
Defense appropriations discussions

Even if email contents weren't read (unclear), access to communications patterns reveals priorities, relationships, and timing.

The Bigger Picture

Salt Typhoon is part of a "Typhoon" constellation:

Group	Focus
Salt Typhoon	Telecommunications, government comms
Volt Typhoon	Critical infrastructure pre-positioning
Flax Typhoon	IoT botnets, edge devices
Brass Typhoon	Unknown/emerging

This isn't espionage as a side project. It's systematic penetration of American communications infrastructure by Chinese intelligence services.

Recommendations

Assume state actors are in your communications
Use end-to-end encrypted channels for sensitive discussions
Segment email systems handling classified/sensitive matters

Signal > SMS
Encrypted email > regular email
Assume your carrier is compromised

Sources

About DugganUSA: We publish free threat intelligence for the 99% who can't afford enterprise security. Our STIX 2.1 feed tracks nation-state and criminal infrastructure.

STIX Feed | OTX Profile