TheDarkOverLord announces that they are officially back in business (Source)
TheDarkOverlord, one of the threat actors that DarkOwl analysts routinely monitor, apparently resurfaced last week. In a recent series of posts, an entity claiming to be TheDarkOverlord is advertising a database of personal health information as well as user information taken from an unnamed gaming site, both of which are being offered for sale to willing buyers.
TheDarkOverlord is a hacker – or potentially a collection of personas – who regularly targets the healthcare industry, leaking thousands to millions of patient records.
In the post (pictured below), TheDarkOverlord advertises that they have over 67,000 patient records for sale, stolen from medical and dental practices in California, Missouri, and New York.
The forum listing advertises that these databases include personal and health information including full names, physical addresses, phone numbers, DOBs, driver’s license numbers, SSNs, medical histories, and much more. A specific price point was not provided; rather, the prices are “negotiable.” Interested buyers were instructed to send TheDarkOverlord an encrypted message using the forum’s private messaging system.
TheDarkOverlord also states that they’d be willing to entertain higher offers for data that “no one else will have,” giving the potential transaction a level of exclusivity that will likely attract a certain type of buyer and grab even more public interest.
Screenshot of TheDarkOverlord posting about medical records on Kickass Forum (as displayed in DarkOwl Vision)
On the same day, TheDarkOverlord posted a listing on the same Kickass Forum’s marketplace for 131,000 records from an “unnamed gaming website.” As advertised, these records include users’ email addresses, passwords, DOBs, IP addresses, and much more.
So far, it would appear that TheDarkOverlord is taking serious inquiries only. For example, in the comment section for the post below, someone asked for the name of the gaming website in question, and TheDarkOverlord responded that they would like “proof of funds and intent to purchase” before disclosing any additional information.
Screenshot of TheDarkOverlord posting about gaming user info on Kickass Forum (as displayed in DarkOwl Vision)
Both postings on Kickass Forum remain live at time of publication. DarkOwl analysts will continue to track TheDarkOverlord and post updates here.