Skip to content
Ransomware group

DonutLeaks

DonutLeaks is a threat actor name observed in connection with a dark web leak site.

Profile source: Mallory opens in a new tab

DonutLeaks

Family profile

DonutLeaks is a threat actor name observed in connection with a dark web leak site. In the provided reporting, actors calling themselves "DonutLeaks" or variations of "Donut" allegedly added a listing on or about May 18, 2024 for "Pittsburgh’s Trusted Orthopaedic Surgeons." A screengrab of that listing was reportedly available via Ransomware.live, and the DonutLeaks leak site later went offline. The referenced incident remains unconfirmed in the provided content: it does not appear in the U.S. Department of Health and Human Services public breach tool, and reporting states it was unclear whether the victim experienced that attack, whether data was exfiltrated, or whether any data was leaked or sold. No additional high-confidence information about DonutLeaks’ targets, tooling, tactics, techniques, sub-groups, or attribution to a nation state is directly supported by the provided content.

Ransomware.live

Operational record

View group record ↗

We appreciate you

Derp wouldn't exist without the work these projects do for the security community. We rely on their data sources to improve the quality and depth of what we publish. Thank you, we're genuinely grateful.