DarkRomance is a cybercriminal threat actor referenced in reporting as a collaborator or associated group within a broader financially motivated ecosystem. The available content directly mentions DarkRomance in connection with TeamPCP and xpl0itts activity. TeamPCP was reported to have operated in cooperation with xpl0itrs, DarkRomance by extension, and a ShinyHunters-branded extortion group linked to Scattered Lapsus$ Hunters. In a separate March 2026 post about an alleged ongoing BMW-related data breach and wider automotive-sector intrusion activity, DarkRomance was named as one of three collaborating groups alongside teamPCP and one unnamed group. The reported activity involved claimed exploitation of an IDOR vulnerability, ongoing data exfiltration, and offers of initial access via file upload and IDOR vulnerabilities. Based on the provided content, DarkRomance is associated with collaborative intrusion and data-theft activity, but no higher-confidence details are available on its independent tooling, victimology, malware, or national affiliation.
Mallory correlates actor tradecraft and target patterns against your stack, your sector, and your geography. See overlap before they land.
6 distinct techniques observed across reporting, grouped by tactic. Hover any cell for the evidence excerpt; click through for MITRE's full description.
2 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
Named as a cooperating threat actor group associated indirectly with TeamPCP operations.
Named as a collaborating group assisting xpl0itts in the expanded BMW-related breach activity.
Match sector + geo + tech-stack targeting against your real footprint.
Every observed MITRE ATT&CK technique, grouped by tactic.
Families this actor is known to deploy, with IOCs and behavior.
CVEs this actor has used in known campaigns.
YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.
Domains, IPs, and hashes tied to this actor, refreshed continuously.