Fake ransomware gang targets U.S. orgs with empty data leak threats

Gandalf_The_Grey

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.

Sometimes the actors add the menace of a distributed denial-of-service (DDoS) attack if the message recipient does not comply with the instructions in the message.

The attackers behind this activity use the name Midnight and have been targeting companies in the U.S. since at least March 16.

They have also impersonated some ransomware and data extortion gangs in emails and claimed to be the authors of the intrusion, stealing hundreds of gigabytes of important data.

In one email to the employee of a holding company in the industry of petroleum additives, the threat actor claimed to be the Silent Ransom Group (SRG) - a splinter of the Conti syndicate focused on stealing data and extorting the victim, also known as Luna Moth.

The same message, however, used in the subject line the name of another threat actor, the Surtr ransomware group, first seen to encrypt company networks in December 2021.

BleepingComputer found another email from Midnight Group, professing that they were the authors of the data breach and that they stole 600GB of “essential data” from the servers.

The messages were sent to the address of a senior financial planner who had left the target company more than half a year before.
 
