Alias: Professional Adversarial Threat Group, TAG-CR4, TDO, The Dark Overlord
ATK73 (aka The Dark Overlord) is a highly skilled cybercrime actor (possibly a well-structured cybercrime syndicate) active since at least mid-2016. It entered the public spotlight following the 2017 hack of Larson Studios and the subsequent release of an entire season of the TV show “Orange is the New Black.” The Dark Overlord’s key business model is to hack into low-, medium- and high-profile organizations, mostly in the healthcare, education, and media production sectors in the US and UK, and then put the stolen data up for sale or demand ransom from its victims. The Dark Overlord appears to be primarily a financially driven threat actor, with a proven history of success and likely millions of dollars in profits. The threat actor has been active mainly on Darknet marketplaces and hacking forums, where it tries to sell “private” databases (databases that are not yet in the public domain) as well as other goods, such as software source code.
Alleged Members:
Nathan Wyatt AKA “Crafty Cockney”/“mas” - alleged member arrested in September 2016.
Grant West AKA “Courvoisier” - alleged member arrested in Kent (UK) in May 2018.
S.S. - alleged member arrested in Belgrade (Serbia) on May 16, 2018.