Donutleaks

Ransomware Group Profile

Overview

Donut Leaks (D0nut) is a data-extortion group active since August 2022 that developed its own ransomware encryptor. It has been linked to attacks on Greece's DESFA gas company and on Continental. The group is believed to be an affiliate of multiple RaaS operations who pivoted to running an independent extortion platform.

Dark Web Infrastructure (6)
Activity Timeline
First Seen: 2022
Last Seen: 2025
Leak Sites: 6