DarkSide, a cybercriminal gang that allegedly disbanded following the Colonial Pipeline ransomware attack, may not stay out of the hacking game for long, according to a new report. Key government cybersecurity and counterintelligence officials stated that while DarkSide may have actually halted its operations, the group could re-emerge under a different alias. DarkSide’s cybercrime operations were sophisticated and lucrative, as the group recently received a $4.4 million payout from Colonial Pipeline in its last attack. Research from blockchain analytics firm Elliptic shows that DarkSide successfully extorted more than $90 in Bitcoin before announcing that they would disband.
Assistant Attorney General of the Department of Justice’s National Security Division John Demers stated that the Colonial Pipeline attack highlighted that other nation-states often serve as a safe haven for cybercriminals, stating that certain countries were turning a blind eye to criminal activity within their borders. Demers added that successful groups like DarkSide often reappear with a different name and new techniques, often taking several months to regroup and strategize.
Read More: Feds Warn DarkSide May Not Stay Dark