Darkbit

Threat Actor Profile Updated 24 days ago
DarkBit is a ransomware and extortion persona assessed to be sponsored by the Iranian government. It first drew wide attention in February 2023 with an attack on the Technion, a leading research university in Israel, in which the attackers demanded 80 bitcoin (over $1.7 million at the time) and later put the stolen data up for sale. Microsoft attributed the intrusion to a cluster it tracked as DEV-1084, which operated under the DarkBit name, likely to mask the state connection and present the operation as ordinary cybercrime; Microsoft also tied DEV-1084 to the Iranian actor MERCURY (MuddyWater). The intrusion was destructive rather than purely financially motivated, which is why several of the sources below describe it as a destructive attack carried out under a ransomware guise.

The group's tooling and tradecraft were examined in the VB2023 paper "Darkbit decoded: analysis of an Iranian-sponsored attack". On disk, the ransomware appends the extension DARKBIT to encrypted files and drops a ransom note. Like Play, Qilin, BianLian and BlackCat (ALPHV), it is reported to use intermittent encryption: only parts of each file are encrypted, which speeds up the attack but leaves unencrypted regions of every file behind. In May 2023 CyberArk released White Phoenix, a free decryptor built around exactly that weakness. Rather than breaking the cipher, it parses a partially encrypted file and reassembles whatever content is still in the clear. It was developed and tested against documents encrypted by BlackCat and is intended to apply to the other intermittent-encryption families, DarkBit included, so what it offers is partial, format-dependent recovery, not full decryption.

For defenders the practical points are: treat a DarkBit ransom note as a possible cover for a destructive operation and verify the integrity of cloud and identity infrastructure (the DEV-1084 intrusion targeted a hybrid Azure AD environment); rely on offline backups for recovery; and use White Phoenix only as a last-resort salvage of partially encrypted documents. The corpus also places DarkBit near coverage of the February 2023 ransomware wave against unpatched VMware ESXi servers, but that campaign has not been publicly attributed to DarkBit and the two should not be conflated.
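The profile above says that intermittent encryption leaves recoverable plaintext behind, which is the premise of White Phoenix. The following added example (not White Phoenix's code, and not taken from any DarkBit sample) shows the principle end to end: a hypothetical toy encryptor encrypts alternate 1 KiB chunks of a constructed document with a SHA-256 counter keystream, and an entropy scan then carves out the chunks it skipped. The chunk size, window size, 6.0 bits/byte threshold, key and sample text are all assumptions chosen for the demonstration.

```python
"""Carve unencrypted regions out of an intermittently encrypted file.

Added example. The encryptor is a toy stand-in for intermittent-encryption
ransomware (XOR keystream, not a real cipher); the recovery side is a generic
entropy scan, not CyberArk's format-aware White Phoenix parser.
"""
import hashlib
import math
from typing import List, Tuple

CHUNK = 1024      # assumed encryptor granularity: encrypt one chunk, skip the next
WINDOW = 256      # analysis window for the entropy scan (divides CHUNK evenly)
THRESHOLD = 6.0   # bits/byte; prose scores ~4.5, random/ciphertext ~7.3 at this window size


def keystream(key: bytes, length: int) -> bytes:
    """Deterministic SHA-256 counter-mode keystream (toy; assumption, not a real cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def intermittent_encrypt(data: bytes, key: bytes) -> bytes:
    """Simulated intermittent encryption: XOR every even CHUNK, leave odd chunks intact.

    Because XOR is its own inverse, calling this again with the same key decrypts.
    """
    out = bytearray(data)
    for start in range(0, len(data), 2 * CHUNK):
        block = data[start:start + CHUNK]
        ks = keystream(key + start.to_bytes(8, "big"), len(block))
        out[start:start + len(block)] = bytes(b ^ k for b, k in zip(block, ks))
    return bytes(out)


def entropy(buf: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def plaintext_spans(data: bytes) -> List[Tuple[int, int]]:
    """Return [start, end) byte ranges made of consecutive low-entropy windows."""
    spans: List[Tuple[int, int]] = []
    cur = None  # [start, end) of the plaintext run being extended
    for start in range(0, len(data), WINDOW):
        w = data[start:start + WINDOW]
        if entropy(w) < THRESHOLD:
            if cur is None:
                cur = [start, start + len(w)]
            else:
                cur[1] = start + len(w)
        elif cur is not None:
            spans.append((cur[0], cur[1]))
            cur = None
    if cur is not None:
        spans.append((cur[0], cur[1]))
    return spans


def carve(data: bytes) -> bytes:
    """Concatenate the recoverable plaintext regions of a partially encrypted file."""
    return b"".join(data[s:e] for s, e in plaintext_spans(data))


# Constructed sample input: 8 KiB of prose-like text standing in for a document.
SAMPLE = (b"Technion research notes, internal draft. " * 200)[:8192]
KEY = b"toy-key-not-real"  # assumption: attacker key, unknown to the victim in practice
ENCRYPTED = intermittent_encrypt(SAMPLE, KEY)

if __name__ == "__main__":
    for s, e in plaintext_spans(ENCRYPTED):
        print(f"plaintext {s:5d}-{e:5d}  entropy {entropy(ENCRYPTED[s:e]):.2f}")
    print(f"recovered {len(carve(ENCRYPTED))} of {len(SAMPLE)} bytes without the key")
```

The scan recovers half of the document with no knowledge of the key, which is the whole point of tools like White Phoenix. Two caveats apply to real files: legitimately compressed content (ZIP entries, JPEGs, PDF FlateDecode streams) is also high-entropy and would be discarded by a naive entropy threshold, which is why a production tool walks the file format and recovers objects rather than raw byte runs; and if the encryptor's chunking is not window-aligned, boundary windows will score in between and need a second pass or a smaller window.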
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
(no overlapping profiles listed)
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Telegram
Bitcoin
Ransomware
Ransom
Israel
Malware
Cybercrime
Extortion
Associated Malware
ID | Type | Votes | Profile Description
No associations to display
Associated Threat Actors
ID | Type | Votes | Profile Description
Alphv | Unspecified | 2 | AlphV, also known as BlackCat, is a significant threat actor within the cybercrime landscape. Throughout 2023, AlphV has been responsible for numerous high-profile ransomware attacks, stealing significant amounts of data from various organizations. The group claimed responsibility for hacking Clario
Associated Vulnerabilities
ID | Type | Votes | Profile Description
No associations to display
Source Document References
Information about the DarkBit threat actor was read from the document corpus below. This display is limited to 20 results.
Source (Created At): Title
DARKReading (a year ago): Israel's Top Tech University Targeted by DarkBit Ransomware
CSO Online (a year ago): Hackers attack Israel’s Technion university, demand over $1.7 million in ransom
CSO Online (a year ago): DarkBit puts data from Israel’s Technion university on sale
BankInfoSecurity (a year ago): Israel's Technion University Under Ransomware Attack
CERT-EU (a year ago): New cybercrime group calling itself DarkBit attacks Israeli university
CERT-EU (a year ago): Hackers Target Israel’s Technion Demanding Huge Sum In Bitcoin | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker - National Cyber Security
CERT-EU (a year ago): Iran-Based Hackers Caught Carrying Out Destructive Attacks Under Ransomware Guise
CERT-EU (8 months ago): Virus Bulletin :: Teasing the secrets from threat actors: malware configuration extractors
CSO Online (a year ago): Iranian APT group launches destructive attacks in hybrid Azure AD environments
CERT-EU (a year ago): After apparent hack, data from Australian tech giant Atlassian dumped online
CERT-EU (a year ago): The cost of expected cybersecurity mandates: bigger energy bills for consumers
CERT-EU (a year ago): 'Pig butchering' scams on the rise, luring victims with promises of relationships and riches
CERT-EU (a year ago): Why the US needs the Bureau of Cyber Statistics right now
CSO Online (a year ago): UK universities at high risk of cybersecurity incidents due to breached credentials
DARKReading (a year ago): Free Tool Unlocks Some Encrypted Data in Ransomware Attacks
CERT-EU (a year ago): Newly identified APT group's motives in Ukraine baffle researchers
CERT-EU (a year ago): Novel White Phoenix ransomware decryptor published
CERT-EU (a year ago): Staten Island Hospital operating in network downtime amid ransomware attack
CERT-EU (a year ago): Cryptojacking added to updated RapperBot DDoS botnet
CERT-EU (9 months ago): Signs of MuddyWater Developments Found in the DNS