Serbian authorities yesterday announced the arrest of a Belgrade man for his alleged affiliation with The Dark Overlord, a malicious cyber threat actor known for extorting U.S. schools, hospitals and entertainment companies, often after stealing their data or content.
A press release published by Serbia’s Ministry of Internal Affairs (MUP) refers to the suspect only by the initials “S.S.,” but suggests that the individual may be just one member of a much larger criminal network.
“The aim of the campaign was to uncover a large number of people who, using the name ‘The Dark Overlord’ on the internet, have been [gaining] unauthorized access to computer networks and data of at least 50 victims since June 2016, and have been [stealing] U.S. citizen information and personal data, including data on ownership and intellectual property, sensitive data on health insurance, treatment, and others,” reads an English-translated version of the release.
The FBI conducted the arrest operation in conjunction with the Ministry of Internal Affairs’ Criminal Police Directorate, as well as Serbia’s Special Prosecution for High-Tech Crime.
Last year, The Dark Overlord leaked stolen Orange Is the New Black episodic content from Netflix after the entertainment company refused a Bitcoin ransom demand. The malicious actor has also threatened to leak medical records — including celebrity plastic surgery images lifted from a U.K. firm — and has even threatened to physically harm school children, sending educational districts and local parents emails containing stolen personal information on local kids.
In total, victims have paid more than $275,000 in extortion money, Serbian authorities reported.
Despite the arrest, The Dark Overlord may still be intact and operational. In an article published today, Motherboard reports that it received the message “We’re still here” from someone in control of an email account long used by the threat group.