ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb: April 2026, Week 3
2026.04.22

☑️ Weekly Darkweb – April Week 3, 2026



🔍 Internal Data of Bahrain Steel Holding Company ‘F’ Exfiltrated by Handala Group


• On April 13, a post claiming the exfiltration of internal data from Bahrain major steel holding company ‘F’ and its subsidiary ‘S’ was identified on a dark web forum operated by the Handala group.


✓ Company ‘F’ is one of Bahrain’s largest steel holding companies, established in 2008. Company ‘S’ is a steel manufacturer established as a joint venture between ‘F’ and Japanese steel manufacturer ‘Y’, and operates production facilities in Bahrain and Saudi Arabia.


• The Handala group uploaded approximately 20 images as evidence of the attack, including external building CCTV footage, UPS (uninterruptible power supply) monitoring software screens, and server virtualization platform interfaces.


• The Handala Group claimed to have attacked Company ‘F’, citing “group members who suffered during the airstrikes on Lebanon and the Ramadan period.”



🔍 Iranian Police Data and IRGC Surveillance System Data Leaked on Dark Web


• On April 12, a post offering leaked data related to Iranian police and the Islamic Revolutionary Guard Corps (IRGC) surveillance system was identified on the dark web hacking forum ‘BreachForums'.


• Forum user ‘IamNotaFBIWorker’ stated that the leaked data includes sensitive personal information, social media user data (account details, social interactions), and machine learning-based sentiment analysis data (anti-government tendencies, user sentiment analysis, and topic classification), and provided a download link to 10GB of data.


• The user claimed that the IRGC uses its own monitoring system to surveillance of Iranian citizens, suppression of opposition forces, and overseas, and stated that the leak exposes sensitive data and operational methods of the IRGC’s surveillance apparatus.



🔍 16 Million Personal Records from India’s National Scholarship Portal Leaked on Chinese Telegram Channel


• On April 15, a message claiming the acquisition of personal data from India’s National Scholarship Portal was uploaded to the Telegram channel ‘博士海外数据’. (Channel Name: Overseas Data PhD)


• The channel operator claimed to have obtained 16 million user records, including student names, parent names, gender, phone numbers, email addresses, and bank information, and released a screenshot of the portal administrator login page as an evidence.


• Last December, the same operator also claimed to have obtained 400,000 personal information—including names, genders, ID numbers, loan details, and bank information—from the official website of a job creation program operated by an Indian state government.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20260419_EN.pdf
Threat Analysis Brief Reports
Axios CRLF Header Injection Chain Vulnerability: CVE-2026-40175
2026.04.22
Previous
Threat Intelligence Reports
Threat Group Profile: Silver Fox
2026.04.27
Next
List