Dark Web Profile: dAn0n Hacker Group – SOCRadar® Cyber Intelligence Inc.

Keypoints

• The dAn0n Hacker Group emerged at the end of April 2024 and has published information about 13 victims on its data leak site (DLS).
• They may operate as both a data broker and ransomware-facing actor, but evidence of actual ransomware activity is not yet substantiated.
• Initial access is reportedly gained via phishing emails, followed by deployment of custom ransomware binaries and obfuscated scripts to execute payloads.
• Victimology shows 13 companies affected, with 12 in the United States and 1 in Ireland, spanning sectors such as healthcare, legal, insurance, and construction.
• The DLS publicly shares victim data, including status updates and negotiations, with files receiving substantial views (e.g., over 60 thousand views).
• While some group references describe ransomware activity, the article notes that the term “ransomware group” may be used loosely by the cybersecurity community for data-extortion actors.
• Mitigation guidance emphasizes data classification/encryption, least-privilege access, network segmentation, employee training, incident response planning, backups, and third-party risk management, with SOCRadar highlighted as a detection/response aid.