Menu
Browse

Cyber Threat Actor: NightLion

Actor Type Location Known Incidents
 Icon
Hacker
United States of America
1 incident
Profile

NightLion is a threat actor known by that alias and believed to be based in the United States of America. The actor came to public attention in July 2020 when they breached the data leak monitoring service DataViper, which is operated by Night Lion Security. During the intrusion the actor allegedly exfiltrated over 8,200 databases that collectively contain information from billions of users gathered from historical breaches. The stolen data was described as mostly comprising older leaks with only limited newer additions. After obtaining the data the actor posted detailed evidence of the breach on a dark web portal, including JSON samples of the exfiltrated databases and proof of access to the compromised system. The service’s operator confirmed that the attacker gained unauthorized access to a test environment but maintained that no critical systems were compromised and that the claim of sensitive data theft was disputed.

The operator suggested that the actor’s primary aim might have been to damage his reputation ahead of a scheduled conference presentation. Additionally, the operator speculated that the perpetrator could be attempting to sell independently acquired databases under the guise of stolen material from DataViper. The operator also noted a possible affiliation with known cybercriminal groups such as TheDarkOverlord and ShinyHunters, although this connection was not publicly verified. The observed tactics involved accessing a development or test server, extracting large collections of breach‑derived data, and publishing proof of the intrusion on a hidden web service. No specific malware families, initial access vectors, or custom tooling were described in the available reporting. The DataViper incident remains the most notable and publicly documented operation attributed to NightLion.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
1 source