Cyber Incident Victim: Gorilla Glue
Date: Nov 2016
Location: United States of America
Summary
Hackers from The Dark Overlord breached Gorilla Glue, exfiltrating over 500GB of sensitive data including intellectual property, product designs, financial records, contracts, and personal employee photos. The group provided a sample of stolen documents—such as internal spreadsheets, invoices, and executive correspondence—to the company and media as proof, demanding ransom to prevent public release. This tactic aligns with their history of extorting organizations by threatening data exposure, though the company did not publicly acknowledge the incident or confirm any compromise.
Description
On or around November 17, 2016, hackers from the group known as The Dark Overlord breached the systems of Gorilla Glue, a U.S.-based manufacturer of adhesives, tapes, and glue products. The attackers claimed to have exfiltrated over 500 gigabytes of sensitive company data, including research and development materials, intellectual property, product designs, and internal business documents. They also asserted unauthorized access to Dropbox accounts and personal email accounts linked to the family-run company’s executives and staff. As proof of the compromise, The Dark Overlord provided Motherboard with a 200-megabyte cache of stolen files, which included financial spreadsheets, invoices, strategic planning documents, corporate presentations, banking contracts, and other proprietary records not publicly available. Forensic analysis by Motherboard confirmed the authenticity of portions of the data, including personal photographs of Gorilla Glue executives that matched publicly available images of employees but yielded no reverse image search matches, indicating the photos were not previously circulated online. The hackers did not disclose their initial attack vector or methods used to infiltrate Gorilla Glue’s networks.

Gorilla Glue’s corporate leadership did not respond to multiple inquiries from Motherboard via phone calls, emails, or messages left with the company’s main office. Similarly, external entities named in the leaked documents—such as invoice recipients and contractual partners—did not provide statements when contacted. The FBI declined to confirm or deny whether it initiated an investigation into the breach. The Dark Overlord’s history of extorting medical organizations by threatening to publish stolen data unless paid a ransom suggested this incident followed a comparable pattern, with the group likely seeking financial leverage over Gorilla Glue. Their decision to share samples of the data with media outlets aligned with prior tactics to amplify pressure on victims through public exposure. No evidence indicated the hackers released the full dataset at the time of reporting, though their past behavior included listing stolen information on dark web platforms to intensify intimidation efforts. The breach exposed operational and financial vulnerabilities within Gorilla Glue’s infrastructure, compromising both corporate assets and private employee materials.
