{
	"id": "9027df28-c323-4b22-8da3-935b62ff3924",
	"created_at": "2026-04-06T00:11:38.157875Z",
	"updated_at": "2026-04-10T03:33:15.553591Z",
	"deleted_at": null,
	"sha1_hash": "7015778b29c1050d1b4092ec0204b6c4ee58b849",
	"title": "Darktrace: Investigation found no evidence of LockBit breach",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 1578598,
	"plain_text": "Darktrace: Investigation found no evidence of LockBit breach\r\nBy Sergiu Gatlan\r\nPublished: 2023-04-14 · Archived: 2026-04-05 19:27:22 UTC\r\nCybersecurity firm Darktrace says it found no evidence that the LockBit ransomware gang breached its network after the\r\ngroup added an entry to their dark web leak platform, implying that they stole data from the company's systems.\r\nHours after the gang claimed DarkTrace as a victim on their data leak site, the company conducted an investigation and\r\nfound no evidence of a breach of their systems.\r\n\"Our security teams have run a full review of our internal systems and can see no evidence of compromise,\" Darktrace said.\r\nhttps://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nOn Friday, the company's Chief Information Security Officer Mike Beck reiterated the same conclusion after a thorough\r\ninvestigation of their systems.\r\n\"We have completed a thorough security investigation following yesterday's tweets by LockBit claiming they had\r\ncompromised Darktrace's internal systems,\" said Beck.\r\n\"We can confirm that there has been no compromise of our systems or any of our affiliate systems. Our service to our\r\ncustomers remains uninterrupted and is operating as normal and no further action is required.\"\r\nIt is now apparent that LockBit messed up, confusing Darktrace with threat intelligence company DarkTracer which tweeted\r\nabout the gang's leak site being flooded with fake victims.\r\n\"The reliability of the RaaS service operated by LockBit ransomware gang seems to have declined,\" DarkTracer said.\r\n\"They appear to have become negligent in managing the service, as fake victims and meaningless data have begun to fill the\r\nlist, which is being left unattended.\"\r\nLockBit Darktrace fake leak (BleepingComputer)\r\nThis is not the first time LockBit claimed they'd breached a cybersecurity company's systems by mistake or intentionally.\r\nLast year, in June, the ransomware gang also added Mandiant to their leak website, saying that more than 350,000 files they\r\nhad allegedly stolen would be published.\r\nHowever, as it happened with Darktrace, Mandiant told BleepingComputer that it hadn't found any evidence of a breach.\r\nIn the end, LockBit's claims that they hacked Mandiant proved to be nothing more than a feeble attempt to distance the\r\noperation from the Evil Corp cybercrime gang following a Mandiant report linking the two after Evil Corp switched to\r\ndeploying LockBit ransomware in their attacks to evade U.S. sanctions.\r\nUnlike this week, when Darktrace was listed as a victim because of confusion, Mandiant being tagged as a victim was\r\nprompted by LockBit's fears of lost revenue if victims stopped paying ransoms since the U.S. government sanctioned Evil\r\nCorp in December 2019.\r\nhttps://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/\r\nhttps://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bleepingcomputer.com/news/security/darktrace-investigation-found-no-evidence-of-lockbit-breach/"
	],
	"report_names": [
		"darktrace-investigation-found-no-evidence-of-lockbit-breach"
	],
	"threat_actors": [
		{
			"id": "50068c14-343c-4491-b568-df41dd59551c",
			"created_at": "2022-10-25T15:50:23.253218Z",
			"updated_at": "2026-04-10T02:00:05.234464Z",
			"deleted_at": null,
			"main_name": "Indrik Spider",
			"aliases": [
				"Indrik Spider",
				"Evil Corp",
				"Manatee Tempest",
				"DEV-0243",
				"UNC2165"
			],
			"source_name": "MITRE:Indrik Spider",
			"tools": [
				"Mimikatz",
				"PsExec",
				"Dridex",
				"WastedLocker",
				"BitPaymer",
				"Cobalt Strike"
			],
			"source_id": "MITRE",
			"reports": null
		},
		{
			"id": "b296f34c-c424-41da-98bf-90312a5df8ef",
			"created_at": "2024-06-19T02:03:08.027585Z",
			"updated_at": "2026-04-10T02:00:03.621193Z",
			"deleted_at": null,
			"main_name": "GOLD DRAKE",
			"aliases": [
				"Evil Corp",
				"Indrik Spider ",
				"Manatee Tempest "
			],
			"source_name": "Secureworks:GOLD DRAKE",
			"tools": [
				"BitPaymer",
				"Cobalt Strike",
				"Covenant",
				"Donut",
				"Dridex",
				"Hades",
				"Koadic",
				"LockBit",
				"Macaw Locker",
				"Mimikatz",
				"Payload.Bin",
				"Phoenix CryptoLocker",
				"PowerShell Empire",
				"PowerSploit",
				"SocGholish",
				"WastedLocker"
			],
			"source_id": "Secureworks",
			"reports": null
		},
		{
			"id": "9806f226-935f-48eb-b138-6616c9bb9d69",
			"created_at": "2022-10-25T16:07:23.73153Z",
			"updated_at": "2026-04-10T02:00:04.729977Z",
			"deleted_at": null,
			"main_name": "Indrik Spider",
			"aliases": [
				"Blue Lelantos",
				"DEV-0243",
				"Evil Corp",
				"G0119",
				"Gold Drake",
				"Gold Winter",
				"Manatee Tempest",
				"Mustard Tempest",
				"UNC2165"
			],
			"source_name": "ETDA:Indrik Spider",
			"tools": [
				"Advanced Port Scanner",
				"Agentemis",
				"Babuk",
				"Babuk Locker",
				"Babyk",
				"BitPaymer",
				"Bugat",
				"Bugat v5",
				"Cobalt Strike",
				"CobaltStrike",
				"Cridex",
				"Dridex",
				"EmPyre",
				"EmpireProject",
				"FAKEUPDATES",
				"FakeUpdate",
				"Feodo",
				"FriedEx",
				"Hades",
				"IEncrypt",
				"LINK_MSIEXEC",
				"MEGAsync",
				"Macaw Locker",
				"Metasploit",
				"Mimikatz",
				"PayloadBIN",
				"Phoenix Locker",
				"PowerShell Empire",
				"PowerSploit",
				"PsExec",
				"QNAP-Worm",
				"Raspberry Robin",
				"RaspberryRobin",
				"SocGholish",
				"Vasa Locker",
				"WastedLoader",
				"WastedLocker",
				"cobeacon",
				"wp_encrypt"
			],
			"source_id": "ETDA",
			"reports": null
		},
		{
			"id": "6c4f98b3-fe14-42d6-beaa-866395455e52",
			"created_at": "2023-01-06T13:46:39.169554Z",
			"updated_at": "2026-04-10T02:00:03.23458Z",
			"deleted_at": null,
			"main_name": "Evil Corp",
			"aliases": [
				"GOLD DRAKE"
			],
			"source_name": "MISPGALAXY:Evil Corp",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		}
	],
	"ts_created_at": 1775434298,
	"ts_updated_at": 1775791995,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/7015778b29c1050d1b4092ec0204b6c4ee58b849.pdf",
		"text": "https://archive.orkl.eu/7015778b29c1050d1b4092ec0204b6c4ee58b849.txt",
		"img": "https://archive.orkl.eu/7015778b29c1050d1b4092ec0204b6c4ee58b849.jpg"
	}
}