Dunghill Leak

Malware updated 25 days ago (2024-08-14T09:19:39.222Z)
Dunghill Leak is a relatively new ransomware and extortion group that emerged from the Dark Angels ransomware, which itself originated from the Babuk ransomware. It first came to light in April 2023, when the Dark Angels launched a victim-shaming site called Dunghill Leak. The site, although not particularly well branded, was used to disclose the group's attacks and shame its victims. Notable victims listed on the site include global food distribution firm Sysco, which experienced a ransomware attack in May 2023, and travel booking giant Sabre, targeted by the Dark Angels in September 2023.
Dunghill Leak has claimed responsibility for several high-profile cyberattacks, including those against coin-operated game maker Incredible Technologies, food giant Sysco, and automotive products maker Gentex. The group claims to have stolen large amounts of data during these attacks: about 500 GB from one company, including game files and tax payment reports, and approximately 1.3 terabytes from another, encompassing databases on ticket sales, passenger turnover, employees' personal data, and corporate financial information.
Despite this activity, little is known about Dunghill Leak. Researchers believe that it is essentially a rebranded version of the Dark Angels, continuing the latter's legacy of cyber extortion. The group continues to operate, making headlines with its attacks on major corporations and leaking sensitive data on its dark web site. Security researchers are closely monitoring its activities to better understand its tactics, techniques, and procedures and to develop effective countermeasures.
Description last updated: 2024-08-14T08:57:15.738Z
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
ID | Votes | Profile Description
Dark Angels | 3 | Dark Angels, a Russia-based cybercrime syndicate, emerged as a significant threat actor in the cybersecurity landscape since its first appearance in May 2022. Known for stealing substantial amounts of data from major companies across diverse sectors such as healthcare, finance, government, and educa
Babuk | 2 | Babuk is a type of malware, specifically ransomware, that infiltrates systems to encrypt files and hold them for ransom. This malicious software can infect your system through suspicious downloads, emails, or websites, often without the user's knowledge. Once inside, it can disrupt operations by enc
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Ransomware
Source Document References
Information about the Dunghill Leak Malware was read from the documents corpus below.
Source | CreatedAt | Title
Krebs on Security | a month ago | Low-Drama ‘Dark Angels’ Reap Record Ransoms
CERT-EU | a year ago | Ransomware gang claims credit for Sabre data breach | #ransomware | #cybercrime | National Cyber Security Consulting
Malwarebytes | a year ago | Ransomware review: May 2023
CERT-EU | a year ago | New ransomware group Dunghill Leak claims responsibility for Sabre cyberattack
CERT-EU | a year ago | Ransomware gang claims credit for Sabre data breach | TechCrunch