Thedarkoverlord appears to be returning to their old activities after a roughly six-month hiatus. Two new data breaches attributed to the criminal group were discovered yesterday.

The first targeted organization was a real estate firm called “Caribbean Island Properties.” Thedarkoverlord claims to have gained access to the organization’s systems through a user account that used a weak password, supposedly “12345.” The group then claimed to have targeted the domain admin account, which they claimed used the password “CiP@12345.” In their statement, they indicated that they were also operating an account called “Support,” which they had created through the domain admin account and then used to exfiltrate large amounts of data from the firm’s systems. The group then deleted files from the company’s servers and has offered to return the information if the firm transfers 100,000 GBP in Bitcoin (approximately 33.27 BTC or $127,000 USD) over a one-year period. They also required a 30,000 GBP down payment in Bitcoin (9.98 BTC or $38,000 USD) to be made before Christmas, with follow-up transfers of 5.833 Bitcoin every month after that.

The second target was the California-based company Prime Staff Inc., an outsourced personnel and administrative services organization. Thedarkoverlord made a similar request of Prime Staff, asking for $50,000 USD (13.07 BTC) over a one-year period, $25,000 (6.54 BTC) if paid before Christmas Day, or a third option of $37,500 (9.82 BTC) over a one-year period if the company would vouch for the ethics and reliability of Thedarkoverlord to their future “clients,” which is what Thedarkoverlord calls their victims.