{"id":3084,"date":"2021-08-23T11:54:53","date_gmt":"2021-08-23T09:54:53","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=3084"},"modified":"2026-06-08T22:58:39","modified_gmt":"2026-06-08T22:58:39","slug":"marketo-virginia-defense-force-leak","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/marketo-virginia-defense-force-leak\/","title":{"rendered":"Marketo and Virginia Defense Force: classified data published"},"content":{"rendered":"\n<p style=\"text-align: justify\"><strong>Marketo<\/strong> is the name of a criminal gang and their <strong>BlackMarket<\/strong> platform. Active since April 2021, they do not operate as RaaS and claim not to conduct direct cyberattacks. However, evidence suggests potential linkages between cyberattack operations and activities conducted by this criminal group.<\/p>\n\n\n\n<p style=\"text-align: justify\">The Twitter profile (<a href=\"https:\/\/twitter.com\/GottMannus\" class=\"ek-link\">@Mannus Gott<\/a>), directly associated with the gang, presented the Marketo site as an &#8220;<strong>informational marketplace<\/strong>&#8220;, emphasizing that the group does not conduct cyberattacks.<\/p>\n\n\n\n<p style=\"text-align: justify\">In recent days, they published classified and <em>Top Secret<\/em> information on their site, relating to the <em><strong>Virginia Department of Military Affairs<\/strong><\/em> and the <strong><em>Virginia Defense Force<\/em><\/strong>.<\/p>\n\n\n\n<p style=\"text-align: justify\">The <strong><em>Virginia Defense Force (VDF)<\/em><\/strong> is the official defense force of the Commonwealth of Virginia, one of three components of the state military alongside the Virginia National Guard, which comprises the Virginia Army National Guard, the Virginia Air National Guard, and the unorganized militia.<\/p>\n\n\n\n<figure class=\"wp-block-image alignwide size-large is-style-zoooom\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/08\/image-9-1024x314.png\" alt=\"\" class=\"wp-image-3085\" loading=\"lazy\" \/><\/figure>\n\n\n\n<figure class=\"wp-block-image alignwide size-large is-style-zoooom\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/08\/image-10-1024x304.png\" alt=\"\" class=\"wp-image-3086\" loading=\"lazy\" \/><\/figure>\n\n\n\n<p style=\"text-align: justify\">A portion of the data is available for download; regarding the Defense department, the total volume of documents appears to be approximately <strong>61 GB<\/strong>.<\/p>\n<p style=\"text-align: justify\"><span>Recently, gang members released a communication on their site alleging that the Virginia Department conducted a DDoS attack and that, following this incident, files will be published across multiple forums listed at the end of the image. Our <a href=\"https:\/\/fortgale.com\/en\/cyber-threat-intelligence\/\">Cyber Threat Intelligence<\/a> tracking confirms the exfiltration of sensitive state defense materials, consistent with T1041 (Exfiltration Over C2 Channel) and T1020 (Automated Exfiltration) patterns observed in similar data-staging operations.<\/span><\/p>\n<p><\/p>\n\n\n\n<div class=\"wp-block-image caption-align-center is-style-zoooom\"><figure class=\"aligncenter size-large is-resized\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/08\/image-11-510x1024.png\" alt=\"\" class=\"wp-image-3088\" width=\"235\" height=\"472\" loading=\"lazy\" \/><\/figure><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Marketo extortion site publishes data attributed to the Virginia Defense Force: data scope, attribution claims and downstream risk for affected entities.<\/p>\n","protected":false},"author":1,"featured_media":2615,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[3250,1687,3190,1689,1691,1693,1695,1697,3251,1699],"class_list":["post-3084","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-data-leak-site","tag-defense-it","tag-extortion","tag-gott-it","tag-mannus-it","tag-mannus-gott-it","tag-market-it","tag-marketo-it","tag-public-sector-targeting","tag-virginia-it"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=3084"}],"version-history":[{"count":2,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3084\/revisions"}],"predecessor-version":[{"id":9890,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3084\/revisions\/9890"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=3084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=3084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=3084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}