Marketo and Virginia Defense Force: classified data published

Marketo is the name of a criminal gang and their BlackMarket platform. Active since April 2021, they do not operate as RaaS and claim not to conduct direct cyberattacks. However, evidence suggests potential linkages between cyberattack operations and activities conducted by this criminal group.

The Twitter profile (@Mannus Gott), directly associated with the gang, presented the Marketo site as an “informational marketplace“, emphasizing that the group does not conduct cyberattacks.

In recent days, they published classified and Top Secret information on their site, relating to the Virginia Department of Military Affairs and the Virginia Defense Force.

The Virginia Defense Force (VDF) is the official defense force of the Commonwealth of Virginia, one of three components of the state military alongside the Virginia National Guard, which comprises the Virginia Army National Guard, the Virginia Air National Guard, and the unorganized militia.

A portion of the data is available for download; regarding the Defense department, the total volume of documents appears to be approximately 61 GB.

Recently, gang members released a communication on their site alleging that the Virginia Department conducted a DDoS attack and that, following this incident, files will be published across multiple forums listed at the end of the image. Our Cyber Threat Intelligence tracking confirms the exfiltration of sensitive state defense materials, consistent with T1041 (Exfiltration Over C2 Channel) and T1020 (Automated Exfiltration) patterns observed in similar data-staging operations.