APT / THREAT GROUP
Dark
3
aliases
Last seen:Mar 17, 2026
Intelligence Profile
Mirai variant exploiting CVE-2021-20090 and CVE2021-35395 for spreading.
Threat Analysis
Dark is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.
Intelligence Reports Mentioning Dark
The Hacker's 2026 Playbook: Dark Web Tactics Targeting You
Huntress Blog· Jun 29, 2026
Inside the 2026 SMB threat landscape: From phishing and scams to fake AI tools
Securelist (Kaspersky)· Jun 25, 2026
Do CISOs Need a Code of Ethics?
Dark Reading· Jun 24, 2026
Inside the dark web: Stolen identities for 95¢, malware, and scams-for-hire
Malwarebytes Labs· Jun 23, 2026
Junior Hacker Used Tailscale and OpenSSH to Keep Access After His C2 Went Offline
The Hacker News· Jun 17, 2026
AI in the underground: Curiosity, claims, and concerns
Sophos X-Ops· Jun 16, 2026
Bankruptcy admin approves settlement fund of $47 million for 23andMe data breach victims
The Record· Jun 12, 2026
Early Warning Signs of Supply-Chain Attacks Live in the Dark Web
BleepingComputer· Jun 12, 2026
External References
Quick Facts
TypeAPT / Threat Group
Aliases3
Also Known As
elf.darkDarkDark.IoT
External Intelligence
Malpedia: elf.darkResearch Links
Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.