Menu
Browse

DarkSly

Primary URL Location Industry
Undetermined
Country
Technology Icon
Technology
Profile

DarkSly operates as a self‑proclaimed greyhat hacker whose primary activity involves gaining unauthorized access to corporate networks and exfiltrating sensitive data. After compromising a target, the actor typically attempts to disclose the discovered vulnerabilities and negotiate a bug bounty payment, often demanding cryptocurrency in exchange for deleting the stolen information. If negotiations fail, DarkSly has threatened to release the data publicly or sell it to third parties.

In the November 2019 incident, DarkSly claimed to have breached Hyundai’s systems and extracted approximately 550,000 records containing personal details such as full names, email addresses, bank information, monthly salaries and phone numbers, mainly belonging to customers in Saudi Arabia and Iraq. The actor stated that no passwords or credit‑card data were included in the taken dataset. Subsequently, the same individual turned to Jaguar/LandRover, asserting that database credentials and root‑certificate access were obtained across several regional branches, although the exact volume of data taken was not disclosed. Throughout the episode, DarkSly maintained persistent access to both companies’ environments while seeking a 1 BTC bounty for vulnerability disclosure and data deletion.

The actor’s self‑identification as a greyhat reflects a claimed intention to expose security weaknesses rather than purely malicious profit‑driven motives, yet the accompanying extortion attempts blur that distinction. DarkSly’s focus on the automotive sector demonstrates a specialised interest in manufacturers that hold large volumes of consumer and operational data. The combination of vulnerability disclosure, monetary negotiation, and threats of data sale constitutes a distinctive modus operandi observed in the reported activity.

No public information indicates that DarkSly is affiliated with any larger organisation, parent company, or subsidiary structure; the entity is known solely by the alias used in the breach reports. Consequently, details regarding ownership, formal governance, or organisational scale are unavailable in the supplied sources.

Incidents
Linked incidents available to members
1 incident