Dark Angels

Threat Actor updated 17 days ago (2024-08-21T18:18:04.123Z)
Dark Angels, a Russia-based cybercrime syndicate, has been a significant threat actor since its first appearance in May 2022. Known for stealing substantial amounts of data from major companies across diverse sectors such as healthcare, finance, government, and education, Dark Angels has managed to maintain a relatively low profile despite its impactful activities. The group's operations are characterized by a reluctance to deploy ransomware, which typically locks up the target's IT infrastructure and causes significant business disruption. Instead, its modus operandi involves large-scale data theft followed by ransom demands.

The Dark Angels group has been linked to several high-profile cyberattacks. In one notable instance, it claimed responsibility for the theft of 1TB of data from chipmaker Nexperia. Its reach has extended to other significant entities, including global food distribution firm Sysco, which suffered a ransomware attack in May 2023, and travel booking giant Sabre, targeted by Dark Angels in September 2023. If victims fail to meet its demands, the group follows a common practice among ransom gangs of publishing the stolen data.

In terms of financial impact, Dark Angels has set records with its ransom demands. The most striking case occurred in February, when the group received a $75 million ransom payment, the largest ever recorded, potentially from pharmaceutical giant Cencora. This event underscores the serious implications of the group's activities, highlighting the necessity for robust cybersecurity measures to counteract such threats.
Description last updated: 2024-08-21T18:16:05.928Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names and profiles you may also want to look at.
ID | Votes | Profile Description
Dunghill Leak
3
The Dunghill Leak is a relatively new ransomware and extortion group that emerged from the Dark Angels ransomware, which itself originated from the Babuk ransomware. It first came to light in April 2023 when the Dark Angels launched their victim shaming site called Dunghill Leak. This platform, alth
Babuk
2
Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc
RansomedVC
2
RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat
Dunghill
2
Dunghill is a threat actor, also known as a hacking group, that has been active since early 2023 according to WatchGuard. The group operates under the umbrella of the Dark Angels ransomware group, which itself has been active since May 2022. Dunghill is notorious for its malicious activities involvi
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
ESXi
Extortion
Malware
Source Document References
Information about the Dark Angels Threat Actor was read from the documents corpus below.
Source Link | Created At | Title
BankInfoSecurity
17 days ago
Ransomware Again on Track to Achieve Record-Breaking Profits
Securityaffairs
18 days ago
Ransomware payments rose from $449.1 million to $459.8 million
BankInfoSecurity
19 days ago
The Upside-Down, Topsy-Turvy World of Ransomware
InfoSecurity-magazine
23 days ago
Another Record Year For Ransomware Beckons as Crypto Profits Hit $460m
Securityaffairs
a month ago
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Krebs on Security
a month ago
Low-Drama ‘Dark Angels’ Reap Record Ransoms
Securityaffairs
a month ago
security-affairs-malware-newsletter-round-5
Securityaffairs
a month ago
Security Affairs newsletter Round 483 by Pierluigi Paganini – INTERNATIONAL EDITION
DARKReading
a month ago
Fortune 50 Co. Pays Record-Breaking $75M Ransomware Demand
Securityaffairs
a month ago
Pharma Giant Cencora confirmed the theft of personal and health information
InfoSecurity-magazine
a month ago
Researchers Uncover Largest Ever Ransomware Payment of $75m
Securityaffairs
a month ago
A Fortune 50 company paid a record-breaking $75 million ransom
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 3
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 2
Securityaffairs
2 months ago
Security Affairs Malware Newsletter - Round 1
Securityaffairs
2 months ago
Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs
3 months ago
Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION