Menu
Browse

Cyber Threat Actor: Mark Nsd

Actor Type Location Known Incidents
 Icon
Criminal
Russia
1 incident
Profile

Mark Nsd is an alias used by a threat actor whose known location is Russia. The actor came to public attention in March 2014 after launching a distributed denial-of-service attack against the email marketing service Mad Mimi. No other aliases or personal details about the individual behind the name have been disclosed in open sources. The incident is the only publicly documented activity attributed to this actor.

On March 30, 2014, Mad Mimi’s network was flooded with traffic, causing intermittent service disruptions. The attacker sent an email demanding 1.8 bitcoins, worth roughly eight hundred thirty dollars at the time, to halt the flood. The message stated that the attack would stop for 24 hours while awaiting payment and warned that further strikes would follow if the demand was ignored. Mad Mimi refused to pay, implemented mitigation measures, and reported the incident to law enforcement. The company noted that it experienced only temporary connectivity issues because of its own security upgrades and problems with its network provider. In its public statement, Mad Mimi referenced similar extortion attempts against Meetup and Basecamp, emphasizing a collective decision not to negotiate with the perpetrators. The actor’s communication was signed with the name Mark Nsd, which has remained the sole identifier linked to the campaign.

The reported tactics limited to a volumetric DDoS attack followed by a Bitcoin extortion demand; no malware, exploit kits, or social engineering techniques were described. Initial access vectors, persistence mechanisms, or tooling specifics were not disclosed in the coverage. No public attribution to a state sponsor, intelligence service, or organized criminal group has been made for Mark Nsd. The actor’s strategic objective, as expressed in the ransom note, appears to be financial gain through extortion rather than espionage or pure disruption. Because only a single campaign has been documented, broader patterns of targeting sectors or regions cannot be inferred from the available information. Thus the profile rests on the confirmed facts of the 2014 Mad Mimi incident and the associated alias and location.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source