
Cyber Incident Victim: GS Polymers, Inc.

Date:

Dec 2016

Location:

United States of America

Summary

TheDarkOverlord (TDO) compromised GS Polymers, Inc., exfiltrating corporate documents including consignment inventories, routine correspondence, and personal files related to the founder. The attackers publicly released a sample of the stolen data and issued extortion demands, threatening full disclosure unless the company cooperated. GS Polymers refused to engage, leading to the initial leak, with further releases implied if demands remained unmet. The incident mirrored concurrent attacks on other firms, using stolen data as coercive leverage. No evidence suggested classified or sensitive defense-related materials were involved in this specific breach, though law enforcement scrutiny intensified due to TDO's broader targeting of entities with government contracts.


Description

TheDarkOverlord (TDO) publicly disclosed a cyberattack against GS Polymers, Inc. on December 25, 2016, through a "press release" posted on a public paste site. TDO claimed the Mira Loma, California-based manufacturer of polyurethane and epoxy products had refused to cooperate with their extortion demands. The threat actor released a limited set of sample documents from GS Polymers to pressure founder Gerald (Jerry) Salladin into compliance, threatening a full data release if demands remained unmet. Leaked materials included consignment inventory records, routine corporate correspondence, and two personal files belonging to Salladin. No classified or defense-related documents were identified in the GS Polymers sample, distinguishing it from TDO's contemporaneous breach of Pre-Con Products, which involved Navy contract materials. GS Polymers did not respond to DataBreaches.net's inquiries regarding the intrusion timeline, detection methods, or ransom amount demanded by TDO.

The incident exposed operational and potentially sensitive founder-related information, creating reputational and operational risks for the company. TDO's established pattern of escalating leaks when extortion demands were refused—as seen in prior healthcare and WestPark Capital breaches—suggested imminent threats of additional data exposure or dark web sales. Unlike co-target DRI Title & Escrow, which acknowledged the breach and implemented security enhancements, GS Polymers maintained no public response or remediation statement. The attack formed part of TDO's broader campaign against non-healthcare targets during late 2016, with the group explicitly warning of pending disclosures involving additional unnamed victims beyond the three confirmed entities. Law enforcement interest in TDO intensified following these incidents due to potential national security implications from defense contractor breaches, though GS Polymers' compromise appeared limited to commercial and personal data.
