Dunghill

Dunghill is a threat actor or ransomware gang that has been operational since early 2023, according to WatchGuard. Its modus operandi involves launching cyber attacks on organizations, encrypting their data, and demanding a ransom in return for its release. Dunghill is known for its high-profile breaches, including the one on Johnson Controls last year. The group uses a data leak site named 'Dunghill Leaks' to exert pressure on its victims. Launched by Dark Angels in April 2023, this platform threatens to publish stolen data if the demanded ransom is not paid. In recent events, Michigan-based technology company Gentex Corporation disclosed a breach by the Dunghill ransomware gang last month. In addition, technology distributor ScanSource confirmed that a ransomware attack caused multiday system outages. Dunghill claimed on its data leak site to have stolen 1TB of data from Nexperia, threatening to publish the rest of the data if its ransom demand is not met. The group is also demanding a hefty $51 million ransom, warning that failure to pay will result in the stolen data being published on the "Dunghill Leaks" site. The cybersecurity industry is closely monitoring the activities of Dunghill. Alex Delamotte, senior threat researcher at SentinelOne, noted that the ransom notes from Dunghill contain an onion link to the Dunghill Leaks site, which is associated with Dark Angels. However, he added that no data attributed to Johnson Controls is currently displayed on the Dunghill Leaks site. As Dunghill continues to pose a significant threat to corporate security, organizations are urged to enhance their cybersecurity measures to mitigate the risk of such attacks.