ATK73

Presumed Origin: United States, United Kingdom, Serbia < Back

Alias: Professional Adversarial Threat Group, TAG-CR4, TDO, The Dark Overlord

ATK73 (aka: The Dark Overlord) is a highly-skilled cybercrime actor (possibly a well-structured cybercrime syndicate) active since at least mid 2016. It entered the public spotlight following the 2017 hack of Larson Studios, and the subsequent release of an entire season of the TV show “Orange is the New Black.” The Dark Overlord’s key business model is to hack into low, medium and high-profile organizations, mostly in the healthcare, education, and media production sectors in the US and UK, and subsequently put the stolen data up for sale or demand ransom from its victims. The Dark Overlord appears to primarily be a financially-driven threat actor, with a proven history of success, and likely millions of dollars in profits. The threat actor has been prevalently active on Darknet marketplaces and hacking forums, where he tries to sell “private” databases (databases that are not in the public domain yet), but also other goods, such as software source code.

 

Alleged Members: Nathan Wyatt AKA “Crafty Cockney”/“mas” - alleged member arrested in September 2016. Grant West AKA “Courvoisier” - alleged member arrested in Kent (UK) in May 2018. S.S. - alleged member arrested in Belgrade (Serbia) on May 16, 2018.

 

 

REFERENCES

Target sector

  • Casino & Gaming
  • Education
  • Financial Services
  • Government and administration agencies
  • Healthcare
  • High-Tech
  • Legal Services
  • Manufacturing
  • Media
  • Naval
  • Pharmacy and drug manufacturing

Target countries

  • United Kingdom Of Great Britain And Northern Ireland
  • United States Of America

Attack pattern

  • T1046 - Network Service Scanning
  • T1133 - External Remote Services
  • T1190 - Exploit Public-Facing Application
  • T1485 - Data Destruction

Motivation

  • Financial Gain

Malwares

Vulnerabilities