d4rk4rmy

Ransomware group profile

24Victims

IndiaSource country

44Impact score

Description

d4rk4rmy, also known as DARKARMY, is a ransomware group that surfaced in June 2025, characterized by its politically themed motives and a double extortion model. It operates as a Ransomware-as-a-Service provider, targeting high-profile organizations while promoting anti-capitalist messaging and maintaining a work ethic that avoids critical infrastructure attacks.

Key insights

•Utilizes a double extortion model, combining file encryption with public data leaks.
•Functions as a Ransomware-as-a-Service (RaaS) provider offering hacking-for-hire services.
•Focuses on data exfiltration primarily, emphasizing financial and reputational coercion.
•Maintains a politically themed narrative, promoting a 'Communist Ransomware Party' ideology.
•Initial access gained by exploiting vulnerabilities in backend systems.

Industries

Education Financial Services Hospitality Manufacturing Other Professional Services Technology Transportation

Threat Level & Status Breakdown

For d4rk4rmy · Based on incidents in selected period

2.2threat level

Aggressiveness5/ 10

Lethality0/ 10

Criticality1.4/ 10

Status Breakdown

Claimed54.2%13

First seenJul 2025

Last seenAug 2025

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for d4rk4rmy in the selected period

24Total attacks

13peak in Aug

12avg / month

↑ 2 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for d4rk4rmy

d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
e75e5778e71e062ce4a7af673f0b2513854d2367fee0f01a26c0c998863bdf6e
eae09889399fe4fb8e78b114dba0527de913d12fb1802944a88ed136e3e90577
94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for d4rk4rmy

Other

T1486

T1490

T1078

T1021

T1562

T1040

T1106

T1589

T1547

T1059

T1047

T1041

Victims(24)

Company	Domain	Country	Industry	Status	Discovered
MMA TRANSFERS [LEAKED]	—	GB United Kingdom	Transportation	Claimed	10 months ago
THE MILLENNIUM GROUP	tmgofficeservices.com	US United States	Professional Services	Claimed	10 months ago
VINSON & ELKINS LLP	velaw.com	US United States	Professional Services	Claimed	10 months ago
MMA TRANSFERS	mmatransfers.com	GB United Kingdom	Transportation	Unknown	10 months ago
BRIDGEWATER ASSOCIATES	bridgewater.com	US United States	Financial Services	Unknown	10 months ago
MAGELLAN FINANCIAL GROUP	magellangroup.com.au	AU Australia	Technology	Unknown	10 months ago
ONEX CANADA ASSET MANAGEMENT INC	onex.com	CA Canada	Financial Services	Unknown	10 months ago
TSAI CAPITAL	tsaicapital.com	US United States	Financial Services	Unknown	10 months ago
MIZUHA FINANCIAL GROUP	mizuhogroup.com	JP Japan	Transportation	Unknown	10 months ago
CASINO DE MONTE-CARLO	montecarlosbm.com	MC Monaco	Hospitality	Claimed	10 months ago
DIMERCO	dimerco.com	TW Taiwan	Transportation	Claimed	10 months ago
BIG ROCK RESORT	bigrockresort.net	US United States	Hospitality	Claimed	10 months ago
MONTE-CARLO	—	MC Monaco	Hospitality	Claimed	10 months ago
Digitall Evolution	—	BR Brazil	Financial Services	Claimed	11 months ago
VINHAS E REDENSCHI ADVOGADOS	—	BR Brazil	Professional Services	Claimed	11 months ago
ELZAB [LEAKED]	—	PL Poland	Technology	Claimed	10 months ago
BIG SILVER [LEAKED]	—	TH Thailand	Manufacturing	Claimed	10 months ago
Digitall Evolution [LEAKED]	—	BR Brazil	Technology	Claimed	10 months ago
Loyola University Chicago	—	US United States	Education	Claimed	11 months ago
BIG SILVER	bigsilvermanu.com	TH Thailand	Manufacturing	Unknown	11 months ago

Page 1 of 2

Affected countries(13)

Countries where this group has been reported to target or leak victims.

🇦🇺Australia 🇧🇷Brazil 🇨🇦Canada 🇬🇧United Kingdom 🇮🇳India 🇯🇵Japan 🇲🇨Monaco 🇵🇱Poland Puerto Rico 🇹🇭Thailand Taiwan, Province of China 🇺🇸United States 🇿🇦South Africa