{"id":40856,"date":"2021-05-12T20:54:00","date_gmt":"2021-05-12T20:54:00","guid":{"rendered":"https:\/\/www.darkreading.com\/operations\/putting-the-spotlight-on-darkside\/d\/d-id\/1340997"},"modified":"2021-05-12T20:54:00","modified_gmt":"2021-05-12T20:54:00","slug":"putting-the-spotlight-on-darkside","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/","title":{"rendered":"Putting The Spotlight on DarkSide"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<header><\/header>\n<p><span class=\"strong black\">Incident responders share insight on the DarkSide ransomware group connected to the recent Colonial Pipeline ransomware attack.<\/span><\/p>\n<p class>Details continue to emerge about the ransomware attack that hit Colonial Pipeline late last week, forcing the major US pipeline operator to take some systems offline and temporarily halt pipeline operations. The FBI has linked ransomware-as-a-service (RaaS) group DarkSide to the attack.<\/p>\n<p>Colonial Pipeline runs a system spanning 5,500 miles between Houston, Texas, and northern New Jersey, delivering about 45% of the fuel for the East Coast, the company says. In an update&nbsp;<a href=\"https:\/\/www.colpipe.com\/news\/press-releases\/media-statement-colonial-pipeline-system-disruption\" target=\"_blank\" rel=\"noopener noreferrer\">published May 12<\/a>, officials reported they had initiated the restart of pipeline operations and note it will take several days for the product delivery supply chain to return to normal.&nbsp;<\/p>\n<p>Since its system was taken offline, Colonial has delivered about 967,000 barrels, or 41 million gallons, to delivery points along the pipeline, the company said in a May 11 update. It prepared for the system reboot with delivery of 2 million more barrels from refineries for deployment upon restarting. 
It has also boosted aerial patrol of its pipeline and deployed personnel to walk or drive some 5,000 miles of the pipeline daily.<\/p>\n<p>On May 12, the company confirmed to The Washington Post it&nbsp;<a href=\"https:\/\/www.washingtonpost.com\/business\/2021\/05\/12\/gas-shortage-colonial-pipeline-live-updates\/\" target=\"_blank\" rel=\"noopener noreferrer\">would not be paying the ransom<\/a>. Rather, it is working to restore data from backups where possible and rebuild systems for which backups are not available.<\/p>\n<p>Additional updates include&nbsp;<a href=\"https:\/\/us-cert.cisa.gov\/ncas\/current-activity\/2021\/05\/11\/joint-cisa-fbi-cybersecurity-advisory-darkside-ransomware\" target=\"_blank\" rel=\"noopener noreferrer\">an advisory&nbsp;<\/a>from the FBI and the Department of Homeland Security&#8217;s Cybersecurity and Infrastructure Security Agency (CISA), which warn of the DarkSide ransomware group and provide guidance on strengthening security practices.<\/p>\n<p>A ransomware attack on a utility company is not unusual for DarkSide or the industrial sector. Earlier this year, DarkSide was connected to attacks on Brazilian electric utilities Eletrobras and Copel, which were forced to temporarily stop some operations. But this attack seems to have more reach than the DarkSide operators expected, and shortly after the attack they released a statement saying that &#8220;our goal is to make money, and not creating problems for society.&#8221;<\/p>\n<p>The group went further to say they planned to &#8220;introduce moderation and check each company that our partners want to encrypt&#8221; to avoid potential social repercussions from future attacks.<\/p>\n<p>&#8220;This appears to be a reaction to the spotlight that has now been put on them,&#8221; says Peter Mackenzie, incident response manager at Sophos, which had been hired to respond to, or intervene in, earlier attacks from the ransomware group. 
&#8220;DarkSide [is] a sophisticated group of attackers responsible for some of the most devastating attacks we see at the moment.&#8221;<\/p>\n<p>The RaaS group emerged in August 2020. Its operators and partners have targeted organizations across more than 15 countries and several industries, including financial services, legal, manufacturing, professional services, retail, and tech. It doesn&#8217;t target hospitals, schools, universities, nonprofits, or the public sector, according to&nbsp;<a href=\"https:\/\/www.fireeye.com\/blog\/threat-research\/2021\/05\/shining-a-light-on-darkside-ransomware-operations.html\" target=\"_blank\" rel=\"noopener noreferrer\">a technical writeup<\/a>&nbsp;from Mandiant, which was reportedly called to help respond to the Colonial Pipeline attack.<\/p>\n<p>DarkSide&#8217;s owners share profits with affiliates who conduct the attacks, provide access to target organizations, and deploy the ransomware. It&#8217;s believed the operators are mainly responsible for maintaining the platform their partners use to customize ransomware files, deciding which leaked information goes on their leak site, and handling negotiations, Mackenzie explains. The group&#8217;s affiliates likely have experience playing the same role for other ransomware syndicates.<\/p>\n<p>&#8220;The first attack we investigated we believe was the original threat actor behind DarkSide, as they didn&#8217;t have much interest in getting paid. They were happy for data to be leaked instead to help make a name for themselves,&#8221; he says. 
&#8220;The following incidents were likely affiliates, but it is difficult to be sure.&#8221;<\/p>\n<p>Because of the way DarkSide operates, it&#8217;s unclear how much control the group&#8217;s owners have over affiliates who break into networks and launch ransomware,&nbsp;<a href=\"https:\/\/news.sophos.com\/en-us\/2021\/05\/11\/a-defenders-view-inside-a-darkside-ransomware-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">Sophos researchers explain<\/a>.<\/p>\n<p>This is a big question following the Colonial Pipeline attack: Was this the work of the DarkSide group itself or the work of one of its many partners? Mandiant has identified at least five Russian-speaking attackers who may currently be, or have previously been, DarkSide affiliates. Some attackers who claim to use DarkSide&#8217;s services have also allegedly partnered with other RaaS affiliate programs, including Babuk and Sodinokibi, or REvil, Mandiant researchers report.<\/p>\n<p><strong>Standing Out from The Pack<\/strong><br \/>DarkSide is one of many advanced groups targeting organizations today. It has many similarities to Ryuk, REvil, DoppelPaymer, and others, Mackenzie says. Most of these groups employ the same general approach of gaining network access, compromising domain admin credentials, creating lists of target servers and infrastructure, and identifying backups and sensitive data.<\/p>\n<p>&#8220;Then when they are ready, often days or weeks after first gaining access, they will deploy the ransomware like a normal application that an admin might deploy,&#8221; he notes. Like many others, DarkSide uses the &#8220;double extortion&#8221; technique of first exfiltrating large amounts of data and then encrypting the network before threatening to publish the data if the ransom demand isn&#8217;t met.<\/p>\n<p>In some ways, DarkSide is different. The group not only attacks Windows machines; it deploys Executable and Link Format (ELF) binaries to target data on Linux devices as well. 
The Linux version of its ransomware specifically targets VMDK files, Sophos reports, noting these are virtual hard disk drives used in virtual machines, including VMware and VirtualBox.<\/p>\n<p><strong>What Organizations Can Do<\/strong><br \/>Are these attacks happening more often, or are we simply hearing about them more often? Marty Edwards, vice president of OT security at Tenable, says &#8220;it is a little bit of both.&#8221;<\/p>\n<p>Data supports his point: New research from Check Point reveals a&nbsp;<a href=\"https:\/\/blog.checkpoint.com\/2021\/05\/12\/the-new-ransomware-threat-triple-extortion\/\" target=\"_blank\" rel=\"noopener noreferrer\">102% increase<\/a>&nbsp;in ransomware attacks this year compared with early 2020, with healthcare and utilities topping the list of most targeted sectors since the beginning of April 2021. Last year, it is estimated ransomware cost global businesses some $20 billion \u2013 nearly 75% more than the cost in 2019.<\/p>\n<p>&#8220;Organizations are to be applauded for their increased transparency during incidents such as these and, as a result, we are hearing about them more often,&#8221; Edwards says. &#8220;Most experts tend to agree that the tempo is also increasing, meaning that there are more and more of these attacks happening every single day.&#8221;<\/p>\n<p>While this attack affected Colonial&#8217;s enterprise network, it underscores how businesses must consider the interconnected nature of OT operations. 
While many organizations feel they have highly segmented OT networks, including industrial control systems, ICS security firm Dragos notes this is often not the case.<\/p>\n<p>&#8220;It is common to hear about pending IT-OT convergence, but in reality much of that convergence took place a decade ago, and the preventative controls, such as segmentation, that the organizations had in place have atrophied over time through misconfigurations, additional devices, or just the nature of needing increased connectivity for the business,&#8221; Dragos experts&nbsp;<a href=\"https:\/\/www.dragos.com\/blog\/industry-news\/recommendations-following-the-colonial-pipeline-cyber-attack\/\" target=\"_blank\" rel=\"noopener noreferrer\">wrote in a blog post<\/a>.<\/p>\n<p>Monitoring the crown jewels of an organization should be a top priority, they said. Security teams should also know what the most relevant logs are, where they are kept, and how long they are available \u2013 a must-have when responding to an attack like this one. Experts also advise installing network monitoring across internal OT networks for visibility into IT\/OT connections.<\/p>\n<p><span class=\"italic\">Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. 
She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance &amp; Technology, where she covered financial &#8230; <a href=\"https:\/\/www.darkreading.com\/author-bio.asp?author_id=837\">View Full Bio<\/a><\/span><\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/operations\/putting-the-spotlight-on-darkside\/d\/d-id\/1340997?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Incident responders share insight on the DarkSide ransomware group connected to the recent Colonial Pipeline ransomware attack. Read More <a href=\"https:\/\/www.darkreading.com\/operations\/putting-the-spotlight-on-darkside\/d\/d-id\/1340997?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple\">HERE<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-40856","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Putting The Spotlight on DarkSide 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Putting The Spotlight on DarkSide 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-05-12T20:54:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Putting The Spotlight on DarkSide\",\"datePublished\":\"2021-05-12T20:54:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/\"},\"wordCount\":1256,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"articleSection\":[\"DarkReading |TI\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/\",\"name\":\"Putting The Spotlight on DarkSide 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"datePublished\":\"2021-05-12T20:54:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/#primaryimage\",\"url\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\",\"contentUrl\":\"https:\\\/\\\/img.deusm.com\\\/darkreading\\\/dr_staff_125x125.jpg\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/putting-the-spotlight-on-darkside\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Putting The Spotlight on DarkSide\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence 
Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH 
Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Putting The Spotlight on DarkSide 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/","og_locale":"en_US","og_type":"article","og_title":"Putting The Spotlight on DarkSide 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-05-12T20:54:00+00:00","og_image":[{"url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Putting The Spotlight on DarkSide","datePublished":"2021-05-12T20:54:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/"},"wordCount":1256,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","articleSection":["DarkReading |TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/","url":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/","name":"Putting The Spotlight on DarkSide 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/#primaryimage"},"thumbnailUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","datePublished":"2021-05-12T20:54:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/#primaryimage","url":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg","contentUrl":"https:\/\/img.deusm.com\/darkreading\/dr_staff_125x125.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/putting-the-spotlight-on-darkside\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Putting The Spotlight on DarkSide"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40856","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=40856"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/40856\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=40856"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=40856"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=40856"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}