Weekly Darkweb: April 2026, Week 5
2026.05.06

☑️ Weekly Darkweb – April Week 5, 2026



🔍 Internal Data of Egyptian Refining Company ‘A’ Under EGPC Leaked by BASHE Ransomware Gang


• On April 27, Egyptian refining company ‘A’, a subsidiary of the Egyptian General Petroleum Corporation (EGPC), was listed as a victim on the BASHE ransomware gang’s data leak site.


  ✓ Company ‘A’ is a key player in Egypt’s energy industry, refining over 3.5 million tons of crude oil annually, with an annual revenue of approximately USD 3 billion.


• As evidence of the attack, the BASHE ransomware gang uploaded images of internal documents, including oil processing facility blueprints and employee attendance reports.


• On April 29, the ransomware gang released a link to a 500MB dataset containing internal documents, financial statements, and personal files of employees.



🔍 Japan Aerospace Exploration Agency Database for Sale on Dark Web


• On April 27, a post offering a 7TB database of the Japan Aerospace Exploration Agency (JAXA) was identified on the dark web hacking forum ‘PwnForums.’ (Price: USD 500)


  ✓ JAXA, established in 2003 to conduct basic aerospace research and develop rockets and satellites, is a leading research organization that has successfully carried out projects such as the 2024 lunar landing mission.


• Forum user ‘APT001’ claimed to have obtained the data directly and uploaded a screenshot of the file tree as evidence of the attack.


  → On April 1, a post claiming the exfiltration of 6.9 TB of data from JAXA was uploaded to the ALP-001 ransomware gang’s data leak site. The site is currently inaccessible.



🔍 Confidential Security Strategy Data of Taiwan and China Offered for Sale


• On April 26, a post offering confidential security strategy data related to Taiwan and China was uploaded on the dark web hacking forum ‘DarkForums.’ (Price: USD 16,000)


• The threat actor claims to have obtained 1.8 GB of data, including cybersecurity and strategic intelligence, infrastructure and economic reports on Taiwan-based global semiconductor manufacturer ‘T’, Chinese naval radar R&D data, and China’s Wuling Base military infrastructure project document.


• As evidence, the threat actor uploaded images of a cyber threat analysis report issued by Taiwan’s National Information Security Center (NICS), a commendation letter for construction quality excellence from Taiwan’s Ministry of National Defense, and a confidential report on a Chinese naval radar R&D project.

 


This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

