Dunghill Leak

Malware updated 3 months ago (2024-08-14T09:19:39.222Z)
Dunghill Leak is a relatively new ransomware and extortion group that emerged from the Dark Angels ransomware, which itself originated from the Babuk ransomware. It first came to light in April 2023, when the Dark Angels launched their victim-shaming site called Dunghill Leak. This platform, although not particularly well-branded, was used to disclose their attacks and shame their victims. Notable victims listed on the site include global food distribution firm Sysco, which experienced a ransomware attack in May 2023, and travel booking giant Sabre, targeted by the Dark Angels in September 2023.

Dunghill Leak has claimed responsibility for several high-profile cyberattacks, including those against coin-operated game maker Incredible Technologies, food giant Sysco, and automotive products maker Gentex. The group claims to have stolen large amounts of data during these attacks. For example, it claims to have accessed about 500 GB of data from one company, including game files and tax payment reports, and approximately 1.3 terabytes of data from another, encompassing databases on ticket sales, passenger turnover, employees' personal data, and corporate financial information.

Despite its activities, little is known about Dunghill Leak. Researchers believe that it is essentially a rebranded version of the Dark Angels, continuing the latter's legacy of cyber extortion. The group continues to operate, making headlines with its attacks on major corporations and leaking sensitive data on its dark web site. Security researchers are closely monitoring its activities to better understand its tactics, techniques, and procedures, and to develop effective countermeasures.
Description last updated: 2024-08-14T08:57:15.738Z
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions are hard to track between vendors, so here are some possible overlapping names and profiles you may also want to look at.
| Alias Description | Votes |
| --- | --- |
| Dark Angels is a possible alias for Dunghill Leak. Dark Angels, a threat actor group with malicious intent, has emerged as a significant cybersecurity concern since its first appearance in May 2022. Known for their ransomware attacks, the group has been involved in several high-profile cybercrimes, targeting large corporations and stealing vast amou | 3 |
| Babuk is a possible alias for Dunghill Leak. Babuk is a form of malware, specifically ransomware, that infiltrates computer systems and encrypts files, rendering them inaccessible to the user. It typically infects systems through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operatio | 2 |
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about the Dunghill Leak Malware was read from the documents corpus below. This display is limited to 20 results.