ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb: March 2026, Week 4
2026.04.01

☑️ Weekly Darkweb – March Week 4, 2026



🔍 Massive Data Leak Targeting Global Automaker ‘B’ Posted on Dark Web


• On March 23, a post warning of a massive data breach targeting German-based global automaker B was uploaded to the dark web hacking forum ‘BreachForums’.


• The threat actor ‘xpl0itrs’ reported that after an initial compromise and data exfiltration in February, it collaborated with other threat groups, including ‘DarkRomance’ and ‘teampcp’, to expand access to B’s internal systems and is currently obtaining additional data.


✓ On February 18, ‘xpl0itrs’ uploaded a post selling IDOR exploit code that enables unauthorized access to other users’ data by manipulating user identifiers, along with PII of B’s employees obtained through the exploit. The exploit code is reportedly still being sold on the forum.


✓ Compromised Data: Personal information of employees and customers worldwide, API data, B's subsidiaries data, information on more than 32 global automakers (including Japanese automaker M·D, German automaker A, and U.S. automaker F), etc.


• As evidence, the threat actor uploaded 10 images, including JSON files with vehicle and customer data, AWS logs, API vulnerability validation screens, and system configuration files.



🔍 Polish Internet Service Provider Confidential Data for Sale on Dark Web


• On March 21, a post offering confidential information from a Polish Internet Service Provider was detected on the dark web hacking forum ‘DarkForums’.


• Forum user ‘Katarinka’ claimed to be selling approximately 30,000 records, including a customer personal information database and contract images.


✓ Compromised Data: Customer personal data, VIP corporate data, contract and subscription fee information, location and connection structure of telecommunications equipment data


• Exploitation of telecommunications equipment locations and network structure data could enable targeted attacks on internet infrastructure or cause service disruption, requiring heightened caution.



🔍 U.S., Israel CCTV Breaches Claimed by Telegram Channel


• On March 21, a message claiming the compromise of more than 100 personal CCTV systems in the United States and Israel was detected on the Telegram channel ‘NetStrike’.


• The Telegram channel ‘NetStrike’ uploaded a 59-second video as evidence, showing multiple images believed to be from personal CCTV systems installed inside and outside homes. Most images appear to have been captured on the same date as the post.


• ‘NetStrike’ also shared a link to access the data, along with the hashtags #OpIsrael and #OpUSA.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20260329_EN.pdf
Threat Intelligence Reports
Detailed Analysis of Iran-Israel/USA Cyberwarfare
2026.03.25
Previous
Threat Intelligence Reports
Beast Ransomware Analysis Report
2026.04.01
Next
List