Dark Angels

Threat Actor updated a month ago (2024-11-29T14:51:40.541Z)
Download STIX
Preview STIX
Dark Angels, a threat actor group with malicious intent, has emerged as a significant cybersecurity concern since its first appearance in May 2022. Known for their ransomware attacks, the group has been involved in several high-profile cybercrimes, targeting large corporations and stealing vast amounts of data. They have notably claimed the theft of 1TB of data from chipmaker Nexperia. In addition to data theft, Dark Angels have also targeted companies such as Johnson Controls and global food distribution firm Sysco, causing substantial disruption and financial loss. In February 2024, Dark Angels received unprecedented attention when they reportedly received a record-breaking $75 million ransom payment from an unidentified Fortune 50 company, possibly pharmaceutical giant Cencora. This marked the largest single ransom payment ever recorded, highlighting the increasing severity and financial implications of the group's activities. Despite their reluctance to deploy ransomware malware due to the potential business disruption it causes, this event demonstrated their capacity for high-stakes extortion. The Dark Angels' modus operandi includes publishing stolen data from victims who refuse to pay the demanded ransom, thereby adding reputational damage to the financial impact. Notable instances include the attack on travel booking giant Sabre in September 2023, where customer data was exposed following a ransomware attack. The rising threat posed by Dark Angels underscores the urgent need for robust cybersecurity measures and proactive response strategies to mitigate the risk and impact of such attacks.
Description last updated: 2024-09-26T19:18:28.422Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Dunghill Leak is a possible alias for Dark Angels. The Dunghill Leak is a relatively new ransomware and extortion group that emerged from the Dark Angels ransomware, which itself originated from the Babuk ransomware. It first came to light in April 2023 when the Dark Angels launched their victim shaming site called Dunghill Leak. This platform, alth
4
Babuk is a possible alias for Dark Angels. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio
2
RansomedVC is a possible alias for Dark Angels. RansomedVC, a new threat actor in the cybersecurity landscape, has emerged as a significant concern due to its unorthodox approaches and deceptive tactics. This group is suspected to be an enterprise of a single individual threat actor, who has previously been associated with other cybercrime operat
2
Dunghill is a possible alias for Dark Angels. Dunghill is a threat actor, also known as a hacking group, that has been active since early 2023 according to WatchGuard. The group operates under the umbrella of the Dark Angels ransomware group, which itself has been active since May 2022. Dunghill is notorious for its malicious activities involvi
2
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Esxi
Extortion
Malware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Source Document References
Information about the Dark Angels Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
PreviewSource LinkCreatedAtTitle
Krebs on Security
3 months ago
BankInfoSecurity
4 months ago
Securityaffairs
4 months ago
BankInfoSecurity
4 months ago
InfoSecurity-magazine
4 months ago
Securityaffairs
4 months ago
Krebs on Security
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
DARKReading
5 months ago
Securityaffairs
5 months ago
InfoSecurity-magazine
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
5 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago
Securityaffairs
6 months ago