Menu
Browse

Cyber Threat Actor: DarkRace

Actor Type Location Known Incidents
 Icon
Crime Syndicate
0 incidents
Profile

DarkRace is a cybercriminal group known for conducting ransomware attacks against corporate entities, employing data theft and encryption to extort payments. The group maintains a data leak site hosted on Tor networks to publicly pressure victims by threatening to release stolen information. Its name bears similarity to the cybersecurity firm Darktrace, though no operational connection between the two entities has been documented. DarkRace follows the ransomware-as-a-service model common among contemporary cybercriminal operations, leveraging double extortion tactics that combine file encryption with threats to publish sensitive data unless ransoms are paid.

The group has demonstrated a focus on Italian logistics and maritime sectors, as evidenced by its June 2023 attack on CONATECO, a Naples-based container terminal operator. During this intrusion, DarkRace exfiltrated 46GB of data including corporate documents and operational details, subsequently disrupting the victim's public-facing web services. The attack aligns with typical ransomware objectives of financial gain through coercive tactics rather than espionage or destruction. DarkRace's public communications include detailed victim profiling, as seen in their CONATECO breach announcement that accurately described the company's market position and geographic significance.

Technical indicators from the CONATECO incident reveal standard enterprise ransomware tradecraft: initial network compromise leading to data exfiltration, followed by encryption of systems and deployment of ransom notes. The group uses onion-service-based leak sites to host stolen data and communicate with victims, though specific malware families or initial access vectors remain unspecified in available reports. DarkRace operates as a criminal consortium without publicly attributed state affiliations, mirroring the business-oriented structures of groups like DarkSide or BlackMatter. The CONATECO breach represents the most prominently documented operation attributed to this actor, illustrating their targeting of mid-sized industrial organizations with regional economic importance.

Incidents
Attributed incidents available to members
0 incidents
Sources
Sources available to members
18 sources