Dunghill

Threat Actor Profile Updated 25 days ago
Download STIX
Preview STIX
Dunghill is a threat actor or ransomware gang that has been operational since early 2023, according to WatchGuard. Its modus operandi involves launching cyber attacks on organizations, encrypting their data, and demanding a ransom in return for its release. Dunghill is known for its high-profile breaches, including the one on Johnson Controls last year. The group uses a data leak site named 'Dunghill Leaks' to exert pressure on its victims. Launched by Dark Angels in April 2023, this platform threatens to publish stolen data if the demanded ransom is not paid. In recent events, Michigan-based technology company Gentex Corporation disclosed a breach by the Dunghill ransomware gang last month. In addition, technology distributor ScanSource confirmed that a ransomware attack caused multiday system outages. Dunghill claimed on its data leak site to have stolen 1TB of data from Nexperia, threatening to publish the rest of the data if its ransom demand is not met. The group is also demanding a hefty $51 million ransom, warning that failure to pay will result in the stolen data being published on the "Dunghill Leaks" site. The cybersecurity industry is closely monitoring the activities of Dunghill. Alex Delamotte, senior threat researcher at SentinelOne, noted that the ransom notes from Dunghill contain an onion link to the Dunghill Leaks site, which is associated with Dark Angels. However, he added that no data attributed to Johnson Controls is currently displayed on the Dunghill Leaks site. As Dunghill continues to pose a significant threat to corporate security, organizations are urged to enhance their cybersecurity measures to mitigate the risk of such attacks.
What's your take? (Question 1 of 2)
a5a7f580-0eac-4e35-8885-ab7f71362c7d Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
IDVotesProfile Description
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Ransom
Data Leak
Associated Malware
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Threat Actors
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Associated Vulnerabilities
To see the evidence that has resulted in this association, create a free account
IDTypeVotesProfile Description
No associations to display
Source Document References
Information about the Dunghill Threat Actor was read from the documents corpus below. This display is limited to 20 results, create a free account to see more
SourceCreatedAtTitle
CERT-EU
a year ago
Gentex confirms data breach by Dunghill ransomware actors | TechTarget
CERT-EU
a year ago
Gentex confirms data breach by Dunghill ransomware actors | #ransomware | #cybercrime – National Cyber Security Consulting
InfoSecurity-magazine
a month ago
Chipmaker Giant Nexperia Confirms Cyber-Attack Amid Ransomware Group C
CERT-EU
9 months ago
Ransomware spreading gang reveals visa details of working employees in America - Cybersecurity Insiders
CERT-EU
8 months ago
Cyberattack against Johnson Controls sparks downstream concerns | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
CERT-EU
8 months ago
Building automation giant Johnson Controls hit by ransomware attack
CERT-EU
8 months ago
Cyberattack against Johnson Controls sparks downstream concerns
CERT-EU
a year ago
May ransomware activity rises behind 8base, LockBit gangs | TechTarget
CERT-EU
a year ago
May ransomware activity rises behind 8base, LockBit gangs | #ransomware | #cybercrime | National Cyber Security Consulting
CERT-EU
8 months ago
Ransomware group demands $51 million from Johnson Controls after cyber attack