☑️ Weekly Darkweb – February Week 2, 2026
🔍 Domain and Dev Server Access for Major US Retail & Logistics IT for Sale
• On February 7th, a listing offering domain accounts and access to six development servers belonging to a major US retail and logistics IT firm appeared on the dark web hacking forum 'Exploit.'
✓ While the victim’s name was not disclosed, the company is described as having over 140 stores across six US states with an annual revenue of approximately USD 1 billion.
• The seller is offering internal network access via VPN, RDP, and SSH with certificates, along with domain user accounts, for USD 12,000. They also claimed to have downloaded "Fullz" and source code from multiple unencrypted databases.
→ Fullz: A slang term used in cybercrime referring to a comprehensive package of Personally Identifiable Information (PII), including names, dates of birth, addresses, and ID numbers.
• As proof, the seller disclosed infrastructure details: endpoint security and backup solutions, six domain controllers, and approximately 3,400 networked PCs.
🔍 Internal Database of Egypt’s National Airline E for Sale on Dark Web
• On February 9th, a listing for the confidential database of Egypt’s national airline, E, was identified on the dark web hacking forum ‘DarkForums.’
✓ The user claims to possess approximately 104,000 records and sensitive documents, including admin and user credentials.
• The dataset reportedly encompasses pilot emails, National IDs, HR recruitment data, and other personal information.
• The leaked materials consist of 42 PDFs, three images, and a video file exfiltrated from staff emails, with a starting price of USD 300 in Monero (XMR).
→ Notably, a sample image of a “Fuel Docket (for freighter)” document was provided as proof of the leak.
🔍 RipperSec Targets South Korean Defense Sector with Large-Scale Cyberattacks
• Large-scale cyberattacks targeting South Korean defense agencies and companies have been identified through the Telegram channel operated by the hacktivist group 'RipperSec.'
• The group claimed DDoS attacks against the Defense Acquisition Program Administration (DAPA) on the 6th, Korean defense firm D on the 8th, and the Army and Army Training Center websites on the 9th, while sending messages demanding a halt to the supply of weapons and tanks to Israel.
• On the 8th, the group claimed a DDoS attack against Korean defense firm P and the takeover of its PayPal account, releasing related credentials as images while stating their motives were not financial.
→ RipperSec is a Telegram-based pro-Palestinian and Islamic hacktivist group that has targeted South Korea three times since 2024, including an alliance with Russian actors.
*The full report is available upon request and for XARVIS subscribers.