APT / THREAT GROUP

Dark Power

Intelligence Profile

Dark Power is a ransomware group first observed in January 2023, known for targeting small to mid-sized organizations across education, healthcare, manufacturing, and information technology sectors. The group uses a double-extortion model, encrypting files and threatening to leak exfiltrated data via a Tor-based site if ransom demands are not met. Written in the Nim programming language, Dark Power ransomware appends the .dark_power extension to encrypted files and drops a ransom note named README.txt, giving victims 72 hours to contact them. The note typically demands payment in cryptocurrency and offers to negotiate. Victims have been observed in North America, Asia, and Europe, with attacks often involving exploitation of vulnerable public-facing systems or stolen credentials.

Threat Analysis

Dark Power is a known-sophistication threat actor of undetermined national origin, engaged in cyber operations with a primary motivation of unknown activity patterns.

Quick Facts

Type: APT / Threat Group
Aliases: 1

Also Known As

Dark Power

Data sourced from Malpedia, Ransomware.live, RansomLook, and CTIWATCH OSINT collection. Actor attribution is based on available intelligence and may be incomplete.