Menu
Browse

Cyber Threat Actor: DarkNightmare Group

Actor Type Location Known Incidents
 Icon
Nation State
Iran
1 incident
Profile

The threat actor tracked as DarkNightmare Group is referenced in open source reports under that alias. Analysts note that the group’s geographic origin is indicated as Iran in the available reporting. No public disclosures describe the group’s size, organizational structure, or financial resources. The actor has not been linked to any named malware families or specific toolsets in the sources consulted. Attribution to a state sponsor or criminal consortium is not asserted in the material examined. The group’s activity record consists of a single confirmed intrusion that has been documented. This limited visibility prevents any assessment of recurring patterns or operational tempo. Consequently, the actor is described only by the facts that are explicitly present in the incident reports.

On July 16, 2019, the Bahamas Ministry of Tourism disclosed a security incident affecting its digital environment. Officials characterized the incident as a virus infection that spread across the ministry’s information systems. The infection resulted in the corruption or unavailability of multiple digital files stored on the servers. The Minister of Tourism confirmed the breach in a public statement issued after the discovery. The minister specified that the compromise was detected on a Tuesday, providing a temporal marker. The minister’s statement did not assign responsibility to any particular group or actor. No technical details regarding the virus strain, infection vector, or payload have been released. The report does not mention any ransom demand, data exfiltration, or financial gain associated with the event. Likewise, no evidence points to espionage‑related objectives or state‑directed goals in the disclosed information. Because the incident description is limited to a generic virus impact, no specific initial access method can be inferred. This single event remains the sole publicly cited operation attributed to DarkNightmare Group. As a result, any broader characterization of the group’s typical targets, sectors, or strategic intent remains unsupported by the current evidence.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources