Serbian man arrested for alleged connections to Dark Overlord cyber extortion campaigns

Serbian authorities yesterday announced the arrest of a Belgrade man for his alleged affiliation with The Dark Overlord, a malicious cyber threat actor known for extorting U.S. schools, hospitals and entertainment companies, often after stealing their data or content.

A press release published by Serbia's Ministry of Internal Affairs (MUP) refers to the suspect only by the initials "S.S.," but suggests that the suspect may be just one member of a much larger criminal network.

"The aim of the campaign was to uncover a large number of people who, using the name 'The Dark Overlord' on the internet, have been [gaining] unauthorized access to computer networks and data of at least 50 victims since June 2016, and have been [stealing] U.S. citizen information and personal data, including data on ownership and intellectual property, sensitive data on health insurance, treatment, and others," reads an English-translated version of the release.

The FBI conducted the arrest operation in conjunction with the Ministry of Internal Affairs' Criminal Police Directorate, as well as Serbia's Special Prosecution for High-Tech Crime.

Last year, The Dark Overlord leaked stolen Orange is the New Black episodic content from Netflix after the entertainment company refused a Bitcoin ransom demand. The malicious actor has also threatened to leak medical records -- including celebrity plastic surgery images lifted from a U.K. firm -- and has even threatened to physically harm school children, sending school districts and local parents emails containing stolen personal information on local kids.

In total, victims have paid more than $275,000 in extortion money, Serbian authorities reported.

Despite the arrest, The Dark Overlord may still be intact and operational. In an article published today, Motherboard reports that it received the message "We're still here" from someone in control of an email account long used by the threat group.

Bradley Barth
