Dark Angels

Threat Actor Profile Updated 3 days ago
Download STIX
Preview STIX
Dark Angels, a threat actor or hacking team, has been involved in various high-profile cyberattacks with malicious intent. This group is known for its ransomware attacks, where they encrypt a victim's data and demand a ransom to restore access. The Dark Angels have targeted multiple companies, demonstrating their ability to breach even well-protected systems. In September 2023, the Dark Angels executed a significant attack on Johnson Controls, a multinational conglomerate that produces automotive parts, electronics, and HVAC equipment. Following the hack, the group demanded a ransom of $51 million, highlighting the scale and severity of their operations. The incident raised concerns about the potential repercussions for other businesses in similar industries and emphasized the need for enhanced cybersecurity measures. More recently, the Dark Angels claimed responsibility for a massive data breach at Nexperia, a leading global semiconductor manufacturer. They reportedly stole 1 terabyte of data from the company, marking another significant escalation in their activities. Following the theft, the Dark Angels added Nexperia to their list of victims on their Tor leak site, further affirming their role in the attack. These incidents underscore the growing threat posed by this group and the urgent need for robust countermeasures.
What's your take? (Question 1 of 5)
5080e238-b1fb-4d40-b4d0-4d159eea9032 Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Babuk
2
Babuk is a form of malware, specifically ransomware, that infiltrates systems often through suspicious downloads, emails, or websites. Once inside, it can cause severe disruptions, steal personal data, or even hold the system's data hostage for ransom. Various versions and variants of Babuk ransomwa
RansomedVC
2
RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat
Dunghill Leak
2
Dunghill Leak, a relatively new ransomware group, emerged into public view on September 8, 2023, claiming responsibility for a significant cyberattack on the global travel booking giant, Sabre's systems. The group allegedly stole around 1.3 terabytes of data, including databases on ticket sales and
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Esxi
Extortion
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Dark Angels Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
Securityaffairs
2 months ago
Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs
5 months ago
Security Affairs newsletter Round 453 by Pierluigi Paganini
CERT-EU
6 months ago
Security breach at Johnson Controls highlights smart building supply chain concerns
Securityaffairs
6 months ago
Security Affairs newsletter Round 446 by Pierluigi Paganini
Securityaffairs
8 months ago
Ransomware attack on Johnson Controls may have exposed sensitive DHS data
CERT-EU
8 months ago
Building automation giant Johnson Controls hit by ransomware attack
Securityaffairs
3 months ago
Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs
8 months ago
Security Affairs newsletter Round 440 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 447 by Pierluigi Paganini
Securityaffairs
6 months ago
Security Affairs newsletter Round 449 by Pierluigi Paganini
Securityaffairs
24 days ago
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
6 months ago
Security Affairs newsletter Round 447 by Pierluigi Paganini
Securityaffairs
2 months ago
Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs
5 months ago
Security Affairs newsletter Round 452 by Pierluigi Paganini
Securityaffairs
3 days ago
Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
a month ago
Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
2 months ago
Security Affairs newsletter Round 463 by Pierluigi Paganini
CERT-EU
8 months ago
Ransomware group demands $51 million from Johnson Controls after cyber attack - Cyber Security Review
CERT-EU
8 months ago
Industrial Control Systems Company Held To Ransom
Securityaffairs
4 months ago
Security Affairs newsletter Round 456 by Pierluigi Paganini