Cyber Incident Victim: Precon Products

Date: Dec 2016

Location: United States of America

Summary

TheDarkOverlord breached Precon Products, leaking sensitive documents including defense-related contracts, a fatal workplace accident video, and personal data from an operations manager's iPhone. The attackers issued a ransom demand, threatening further releases if unpaid. While the company had Navy contracts, the leaked materials contained no classified information. TDO also targeted other firms, employing similar extortion tactics by releasing samples to pressure payments, highlighting broader cybersecurity risks beyond the initial victim.

Description

In December 2016, the hacking group TheDarkOverlord (TDO) breached Pre-Con Products Ltd, a Simi Valley-based precast concrete and construction company operating since 1963. On December 17, TDO published a press release on a public paste site announcing the compromise while the company's website remained offline "for maintenance." The attackers exfiltrated contracts, operational documents, and sensitive multimedia content including video and photographic evidence of an apparent fatal workplace accident at Precon. TDO also leaked a dump from the operations manager’s iPhone containing personal photos of children alongside corporate data. While some compromised files related to Precon’s work for the U.S. Navy included designs and schematics, none carried classification markings such as "Secret," "FOUO," or "Classified." TDO issued an extortion demand, offering to "stop the bleeding" if Precon cooperated financially, though the specific ransom amount remained undisclosed. The group threatened further data releases if unpaid, consistent with their established pattern of escalating leaks to pressure victims.

The incident elevated law enforcement scrutiny due to potential national security implications from exposure of defense-related materials, despite no confirmed classified documents being compromised. Precon Products did not publicly acknowledge the breach or respond to media inquiries regarding incident discovery methods or remediation steps. TDO’s December 25 tweet referencing "SECRET" source code unrelated to Precon further demonstrated the group’s broader targeting of multiple organizations, including DRI Title & Escrow and GS Polymers. DataBreaches.net confirmed the authenticity of leaked Precon files but withheld publication links due to sensitive accident imagery and personal content. The breach exposed operational vulnerabilities, contractual details, and potentially damaging visual evidence of workplace safety failures while creating reputational risks from unresolved extortion demands. TDO indicated additional unreleased data from Precon remained under their control as leverage.