Menu
Browse

Cyber Threat Actor: Black Vader

Actor Type Location Known Incidents
 Icon
Hacker
United Kingdom
1 incident
Profile

Black Vader isthe alias used by a threat actor whose known operational base is located in the United Kingdom. Public reporting identifies this individual as the perpetrator behind a specific extortion incident that targeted UK‑based IPTV services in early 2021. No additional aliases or geographic details have been disclosed in open sources. The actor’s identity remains unverified beyond the alias and the location indicated in the attributed incident.

The actor’s demonstrated focus has been on the media and entertainment sector, specifically on providers of internet protocol television services operating within the United Kingdom. In the observed incident, the actor’s objectives appeared to be financial gain through ransom demands coupled with a disruption motive, as evidenced by the threat to release subscriber data to law enforcement and the offer to forego payment if the services ceased operations entirely. These actions indicate a dual aim of extracting monetary compensation while causing operational harm to the targeted companies.

The tactics, techniques, and procedures exhibited in the reported activity include website defacement, the issuance of ransom demands, and the threat of leaking subscriber information to authorities as leverage. No specific malware families, exploit kits, or initial access vectors have been described in the public account of this operation. Attribution to any state‑sponsored group or criminal consortium has not been established, and the actor appears to operate independently based on the available information. The most notable publicly reported operation involving Black Vader is the February 2021 compromise of KS‑Hosting.com and a connected IPTV provider, which resulted in service downtime, extortion attempts, and the potential exposure of user data. This incident remains the primary reference point for understanding the actor’s behavior and capabilities.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources