Tuesday, February 11, 2025
HomeCyber CrimeMember of Dark Overlord Hacker Group Sentenced to Five Years in Prison...

Member of Dark Overlord Hacker Group Sentenced to Five Years in Prison for Stealing Medical and Financial Data

Published on

SIEM as a Service

Follow Us on Google News

Nathan Wyatt, 39, United Kingdom national pleaded for his role in “The Dark Overlord” Hacking Group conspired to steal personal and medical data. He was sentenced to five years in federal prison.

The Dark Overlord is a well-known hacking group that specializes in stealing sensitive information and threaten victims with exposure unless the ransom is paid.

The group hacks multiple organizations in the US and UK to steal the data and threatens them for a ransom payment. The target number of organizations including healthcare, financial, legal, film, and others.

Nathan Wyatt was extradited from the United Kingdom to the United States on Dec 19, 2019, according to court documents he played a key role in hacking activity.

“U.S. District Judge Ronnie White for the Eastern District of Missouri sentenced Nathan Wyatt, 39, who participated in a computer hacking collective known as “The Dark Overlord,” which targeted victims in the St. Louis area beginning in 2016. Judge also ordered Wyatt to pay $1,467,048 in restitution.”

According to the indictment, The Dark Overlord has victimized innumerable employers in the United States, many of them affected repeatedly.

“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division.

Wyatt said that he was part of the group beginning in 2016 and he is responsible for accessing the number U.S. company’s computer network without authorization.

“Wyatt admitted that The Dark Overlord co-conspirators acted by obtaining sensitive data from victim companies, including patient medical records and personal identifying information, and then threatening to release the companies’ stolen data unless the companies paid a ransom of between $75,000 and $350,000 in bitcoin.”

He also said that he played a role in creating, validating, and maintaining communication, payment, and virtual private network accounts.

Wyatt apologized during the hearing, held via Zoom, saying that he was on medication for mental problems that led him to make bad decisions.

Wyatt lawyer, Brocca Morrison, noted that Wyatt did not orchestrate the hacks and is the only hacker who has been identified.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Also Read

Operator Behind the Most Infamous GandCrab Ransomware Arrested in Belarus

Interpol Arrested 3 Indonesian Hackers Who have Hacked Hundreds of Ecommerce Websites With JS-Sniffer Malware

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack

Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24200, that has...

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...

Seven-Year-Old Linux Kernel Bug Opens Door to Remote Code Execution

Researchers have uncovered a critical vulnerability in the Linux kernel, dating back seven years,...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Apple iOS 0-day Vulnerability Exploited Wild in Extremely Sophisticated Attack

Apple has released emergency security updates to address a zero-day vulnerability, CVE-2025-24200, that has...

SHA256 Hash Calculation from Data Chunks

The SHA256 algorithm, a cryptographic hash function, is widely used for securing data integrity...

New Report of of 1M+ Malware Samples Show Application Layer Abused for Stealthy C2

A recent analysis of over one million malware samples by Picus Security has revealed...