Weekly Darkweb: March 2026, Week 3
2026.03.25

☑️ Weekly Darkweb – March Week 3, 2026



🔍 UAE National Oil Company Targeted by Pro-Iran Ransomware Gang ‘Nasir’


• On March 13, the United Arab Emirates' national oil company D was listed on the leak site of the Nasir ransomware gang.


✓ D is owned by the Dubai government and exclusively manages and operates all offshore oil fields within Dubai's territorial waters.


• The ransomware gang claimed to have exfiltrated 413GB of confidential data, including maps of critical high-value pipeline infrastructure, and stated that the data had been provided to relevant cells within the steadfast resistance.


• As proof of the attack, the threat actors uploaded screenshots and files containing pipeline and compressor blueprints, load radius charts, maps indicating infrastructure locations, and pipeline dashboards.


→ The Nasir group is a Hezbollah-affiliated organization that emerged in October 2025. On March 10, the group posted a statement announcing a cyberattack against the U.S. and Israel.



🔍 Philippines Public Works Department Falls Victim to ‘BASHE’ Ransomware Gang


• On March 17, the Philippines Department of Public Works and Highways (DPWH) confirmed that 50GB of internal data was compromised by the BASHE ransomware gang.


• The ransomware gang stated that the stolen data includes internal documents, emails with attachments, contact lists, financial records, and employee personal information, and set the 27th as the negotiation deadline.


• As proof of the attack, the gang posted images of employee ID cards and academic transcripts.



🔍 Alleged Email Breaches of Israeli Intelligence Officials Detected on Dark Web


• On March 16 and 17, posts claiming email breaches of former and current senior officials of the Israeli intelligence agency Mossad were found on the forum of the Iran-linked hacktivist group ‘Handala’.


→ [Former Deputy Director of Mossad] On the 16th, a post claiming to have hacked the personal email of a former deputy director of the Mossad and obtained over 100,000 classified documents was uploaded on the Handala forum. As proof, the group released eight images, including a passport and screenshots of emails sent between 2018 and 2024.


→ [CFO of Institute for National Security Studies (INSS)] On the 17th, a post claimed that the email account of the CFO of INSS—a research institute affiliated with Mossad—had been compromised, and that over 50,000 confidential documents were stolen and uploaded on the Handala forum. The group released ten images as proof, including the CFO’s passport and internal email screenshots.



This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.
