Cyber Threat Actor: SchwererGustav
| Actor Type | Location | Known Incidents |
Criminal
|
Germany
|
1 incident |
|---|
Profile
The threat actor known by the aliasSchwererGustav has been identified in open source reporting as operating from Germany.
This alias appears in connection with distributed denial-of-service activities targeting online platforms.
No additional aliases or alternative names are provided in the available material.
The actor’s geographic base is the only location detail that is publicly attested.
All further personal identifiers such as real name or age remain undisclosed in the sources.
Reporting links SchwererGustav to a prolonged DDoS campaign against the dark web marketplace Empire Market in August 2020.
Empire Market facilitated the trade of illicit goods including drugs, chemicals, counterfeit items, jewelry and credit card data, and accepted cryptocurrencies such as Bitcoin, Litecoin and Monero.
The attack disrupted the market’s accessibility for users attempting to browse listings, place orders or withdraw funds from escrow.
The disruption persisted for multiple days and contributed to the market’s eventual permanent shutdown.
Users reported concerns about funds held in escrow being inaccessible following the outage.
The described TTP consists of a volumetric distributed denial-of-service effort that saturated the target’s network resources, rendering the site unreachable.
No specific malware families, exploit kits, or initial access vectors are mentioned in the sources regarding this actor.
The operation against the market is cited as a representative example of the actor’s public activity, illustrating the capability to sustain a long-lasting DDoS barrage.
The outcome included the loss of access to escrow funds for both buyers and vendors, highlighting collateral impact on the underground economy.
No further campaigns, tooling details, or affiliations with state entities or criminal consortia are documented in the presently available information.
