The DarkSide ransomware group conducted several high-profile breaches, including the incident at the US-based Colonial Pipeline Company in May 2021. DarkSide has established a Ransomware as a Service (RaaS) model and expanded its operations with the participation of other threat actors.
In this research, we investigated the Tactics, Techniques, and Procedures (TTPs) and the tools utilized by DarkSide threat actors to understand their attack methods and the impact of their breaches. The most exciting finding was that only 9% of the tools used in DarkSide attack campaigns were malware. 91% of the tools utilized by DarkSide threat actors are publicly available, legitimate tools that use known attack techniques.
Some key findings from this research:
Discover all TTPs and tools used by DarkSide threat actors by downloading this report.