ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb: May 2026, Week 1
2026.05.13

☑️ Weekly Darkweb – May Week 1, 2026



🔍 UAE Major Oil Export Hub Port ‘F’ Allegedly Hacked by Handala Group


• On May 4, a post claiming the compromise of Port ‘F’, a key crude oil export hub in the UAE, was uploaded to the dark web data leak site operated by the Handala Group.


• The group claimed to have exfiltrated over 430,000 confidential documents, including ship operation records, financial transaction data, and layout maps of oil pipelines and critical infrastructure facilities. As evidence, the group also released eight sample images containing Dubai Customs immigration certificates and customs declaration documents.


• The Handala Group alleged that the stolen confidential information had been delivered to missile units of the Iranian Revolutionary Guard Corps (IRGC), and a missile strikes targeting Port ‘F’ was carried out based on this information.


➢ Handala is an Iran-backed cyber threat group that emerged following the Israel-Hamas war in October 2023. Since February, the group has continued conducting cyber operations, coinciding with the escalation of tensions between the U.S. and Iran.



🔍 10GB of Confidential Data from U.S. Semiconductor Manufacturer ‘S’ Spotted on Dark Web


• On May 7, a post claiming to have stolen confidential data belonging to U.S. semiconductor manufacturer ‘S’ was identified on the Russian dark web hacking forum ‘Exploit’.


✓ Company ‘S’ is a key component supplier to company ‘A’, a major U.S. electronics manufacturer that holds approximately 20% of the global smartphone market share


• Forum user ‘sorry’ claimed to have obtained approximately 10GB of data, including 5G semiconductor design data used by ‘A’ and information on about 20 employees from both ‘A’ and ‘S’. As evidence, the user released screenshots of a file tree believed to contain data dated between 2020 and 2026.



🔍 Singapore-Based Global Bank ‘O’ Malaysia Subsidiary Database Leaked on Dark Web


• On May 4, a post offering a database belonging to the Malaysian subsidiary of Singapore-based global bank ‘O’ was identified on the dark web hacking forum ‘BreachForums’.


• User ‘JAX7’ claimed that the leaked data contains personally information, including phone numbers, email addresses, banking details, and passport information, uploading a portion of the data as samples.


➢ According to S2W user profiling tool, the user uploaded another post containing the leaked data from the Malaysian branch of Singapore-based global bank ‘U’ on the same day. It was also confirmed that the user had uploaded more than 10 Indonesia-related data leak posts over the past week.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20260510_EN.pdf
Threat Intelligence Reports
Inside the Ecosystem & Operations: Gunra Ransomware Group
2026.05.13
Previous
News Highlights
Weekly Darkweb: May 2026, Week 2
2026.05.20
Next
List