Menu
Browse

Cyber Threat Actor: dalem leinda

Actor Type Location Known Incidents
 Icon
Criminal
—
2 incidents
Profile

The threat actor operating under the alias "dalem leinda" is publicly associated with a disruptive distributed denial-of-service (DDoS) campaign targeting the online dating sector in 2014. This individual or entity employed the email address [email protected] to communicate ransom demands during attacks, demonstrating a preference for direct extortion tactics. The actor's sole confirmed operation impacted Plenty of Fish, a high-traffic dating platform with approximately one million affected users across its website and mobile applications. This incident reveals a deliberate focus on consumer-facing digital services where operational disruption carries immediate financial and reputational consequences for the victim organization.

Technical analysis of the Plenty of Fish attack highlights the threat actor's use of network time protocol (NTP) amplification techniques to generate a 40 Gigabit-per-second assault, significantly exceeding the scale of similar attacks observed during the same period. The methodology indicates practical knowledge of protocol exploitation for traffic amplification, though no additional tooling or malware deployment was documented. The five-hour attack window suggests either calculated precision in timing or potential limitations in sustaining prolonged offensive operations against enterprise-grade mitigation systems. Targeting explicitly centered on forcing service unavailability through overwhelming volumetric attacks rather than data exfiltration or persistent network compromise.

Financial motivation remains the only explicitly cited objective, with the actor demanding $2,000 in Bitcoin to cease hostilities—a relatively modest ransom sum compared to subsequent DDoS extortion trends. No verifiable affiliations with state actors or organized cybercrime groups have been publicly attributed to this entity. The absence of overlapping infrastructure or tactics with other known threat groups in contemporaneous reports isolates this incident as a discrete operation. Public documentation remains limited to this single campaign, with no subsequent activities conclusively linked to the "dalem leinda" alias through authoritative sources.

Incidents
Attributed incidents available to members
2 incidents
Sources
Sources available to members
0 sources