D4rk4rmy is a ransomware-associated cybercriminal group that emerged publicly in 2024 and has been tracked as one of the newer entrants in the ransomware ecosystem. The group is also referred to as d4rk_4rmy and D4rk 4rmy. Reporting links it to extortion activity conducted through public victim claims and leak-site style operations, indicating a financially motivated intrusion model centered on data theft and coercive disclosure. Observed victim claims span multiple sectors, including higher education, finance, legal services, hospitality, and commercial enterprises. Publicly claimed targets have included organizations such as Loyola University Chicago, Bridgewater Associates, Vinson & Elkins, the University of Puerto Rico Rio Piedras Campus, and Monte-Carlo Société des Bains de Mer. This victimology suggests opportunistic targeting rather than a narrowly specialized vertical focus. D4rk4rmy has been identified in ransomware trend reporting as a newly active group alongside other emerging crews, reflecting the continued fragmentation and rapid turnover of the ransomware landscape. It has been associated with dark-web forum activity as well, with members reportedly involved in managing DarkForums during its early period. That overlap indicates participation not only in extortion operations but also in the broader cybercriminal ecosystem that supports data trading, access brokerage, and underground collaboration. There is no high-confidence public evidence in the available material tying D4rk4rmy to a specific nation-state sponsor. The group is best characterized as a criminal ransomware and extortion actor operating in the broader financially motivated underground.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
5 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Named as a new ransomware variant/gang emerging in 2024 and associated with victim claims posted in July 2024.
A newly active ransomware group in July 2025, part of the emerging threat landscape.
D4rk4rmy is a hacking group that claimed responsibility for breaching Monte-Carlo Société des Bains de Mer.
D4rk4rmy is a hacking group that initially managed DarkForums, a forum for trading hacked data that rose in prominence after the takedown of BreachForums.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.