Dark Angels

Threat Actor updated 2 months ago (2024-09-26T20:01:11.035Z)

Download STIX

Preview STIX

Dark Angels, a threat actor group with malicious intent, has emerged as a significant cybersecurity concern since its first appearance in May 2022. Known for their ransomware attacks, the group has been involved in several high-profile cybercrimes, targeting large corporations and stealing vast amounts of data. They have notably claimed the theft of 1TB of data from chipmaker Nexperia. In addition to data theft, Dark Angels have also targeted companies such as Johnson Controls and global food distribution firm Sysco, causing substantial disruption and financial loss. In February 2024, Dark Angels received unprecedented attention when they reportedly received a record-breaking $75 million ransom payment from an unidentified Fortune 50 company, possibly pharmaceutical giant Cencora. This marked the largest single ransom payment ever recorded, highlighting the increasing severity and financial implications of the group's activities. Despite their reluctance to deploy ransomware malware due to the potential business disruption it causes, this event demonstrated their capacity for high-stakes extortion. The Dark Angels' modus operandi includes publishing stolen data from victims who refuse to pay the demanded ransom, thereby adding reputational damage to the financial impact. Notable instances include the attack on travel booking giant Sabre in September 2023, where customer data was exposed following a ransomware attack. The rising threat posed by Dark Angels underscores the urgent need for robust cybersecurity measures and proactive response strategies to mitigate the risk and impact of such attacks.

Description last updated: 2024-09-26T19:18:28.422Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Possible Aliases / Cluster overlaps

It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.

Alias Description	Votes
Dunghill Leak is a possible alias for Dark Angels. The Dunghill Leak is a relatively new ransomware and extortion group that emerged from the Dark Angels ransomware, which itself originated from the Babuk ransomware. It first came to light in April 2023 when the Dark Angels launched their victim shaming site called Dunghill Leak. This platform, alth	3
Babuk is a possible alias for Dark Angels. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio	2
RansomedVC is a possible alias for Dark Angels. RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat	2
Dunghill is a possible alias for Dark Angels. Dunghill is a threat actor, also known as a hacking group, that has been active since early 2023 according to WatchGuard. The group operates under the umbrella of the Dark Angels ransomware group, which itself has been active since May 2022. Dunghill is notorious for its malicious activities involvi	2

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Ransomware

Ransom

Esxi

Extortion

Malware

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Source Document References

Information about the Dark Angels Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Krebs on Security	2 months ago	U.S. Indicts 2 Top Russian Hackers, Sanctions Cryptex
BankInfoSecurity	3 months ago	Ransomware Again on Track to Achieve Record-Breaking Profits
Securityaffairs	3 months ago	Ransomware payments rose from $449.1 million to $459.8 million
BankInfoSecurity	3 months ago	The Upside-Down, Topsy-Turvy World of Ransomware
InfoSecurity-magazine	3 months ago	Another Record Year For Ransomware Beckons as Crypto Profits Hit $460m
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Krebs on Security	4 months ago	Low-Drama ‘Dark Angels’ Reap Record Ransoms
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
Securityaffairs	4 months ago	Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading	4 months ago	Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand
Securityaffairs	4 months ago	Pharma Giant Cencora confirmed the theft of personal and health information
InfoSecurity-magazine	4 months ago	Researchers Uncover Largest Ever Ransomware Payment of $75m
Securityaffairs	4 months ago	A Fortune 50 company paid a record-breaking $75 million ransom
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	5 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	5 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION