Delaware, USA – January 2, 2019 – On the eve of the New Year, the Dark Overlord group, infamous for its attacks on financial and media companies, posted an announcement on Pastebin that it was ready to disclose stolen data related to the September 11 attacks. The cybercriminals shared 10Gb of encrypted data via a torrent file and demanded that Hiscox Syndicates Ltd pay a ransom; otherwise, they will start to publish decryption keys for different sets of files. These files were stolen at the beginning of 2018 from one of the law firms handling cases related to the 9/11 attacks. Hiscox Syndicates had already paid a ransom to keep the files secret; however, according to the adversaries, the company “violated the agreement and began cooperating with law enforcement” and therefore has to pay again. Dark Overlord also published several files to confirm the authenticity of the stolen data and invited possible buyers and potential victims to contact them to purchase the most valuable files. The stolen data includes emails, communications with government officials, dealings with the FBI and other confidential communications.
The Dark Overlord group has been known since 2016. The attackers steal sensitive data, but instead of selling it on underground forums, they prefer to get a bitcoin ransom from victims in exchange for silence. Not all victims report data breaches, so it is difficult to determine the tools the hackers use, and almost all attempts to arrest members of the group have come to nothing. Threat Detection Marketplace contains hundreds of rules and rule packs mapped to MITRE ATT&CK to spot tools and techniques used by cybercriminals and APT groups: https://my.socprime.com/en/tdm/