ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb: June 2026, Week 2
2026.06.17

☑️ Weekly Darkweb – June Week 2, 2026



🔍 Singapore-based Global Education Company ‘G’ Listed on ‘FulcrumSec’ Leak Site


• On June 10, threat actor group ‘FulcrumSec’ issued a post on the dark web, claiming to have exfiltrated data from the Singapore-based global education company ‘G.’


✓ Company ‘G’: A Singapore-based global education organization operating more than 60 international school campuses across 11 countries, including Singapore, India, and the UAE.


• The user claims to have exfiltrated 4.8 TB of data and has publicly released 111 GB of samples, allegedly including student and parent passport numbers, faculty account details, employee payroll and HR records, source code, and cloud environment configuration information.


• ‘FulcrumSec’ provided a detailed explanation of two factors that allegedly enabled the intrusion:


1. The treat actor claims to have obtained ‘initial access’ through a compromised AWS account


2. The actor further claimed that the same credentials provided access to five internal MSSQL servers, enabling broader access to sensitive data and subsequent exfiltration.


• [Note] As threat actors often use compromised accounts to exfiltrate internal servers, organization should leverage CTI solutions, such as S2W’s QUAXAR, to detect and respond to such incidents.



🔍 Classified Data (5TB) of U.S. Defense and Aerospace Contractor Up for Sale on Dark Web


• On June 6, a post selling 5TB of classified data from U.S. Defense and Aerospace Components Manufacturer ‘V’ was identified on the dark web hacking forum ‘Spear.’


✓ Company ‘V’: A California-based defense and aerospace contractor with a reported annual revenue of approximately USD 120 million.


• The user claimed that the data for sale include CAD files, chemical properties, test data, and emails. The user stated that sample data was available for purchase for BTC 20 and the complete dataset for BTC 7,000.


• As evidence of attack, the user uploaded external dark web links containing portions of the breached data in possession, notably defense supply chain materials related to U.S. Navy submarine noise-reduction technology.



🔍 400 million Records of Classified North Korean Military Data Up for Sale on Dark Web


• On June 2, 400 million records of classified North Korean military data were put up for sale on the dark web hacking forum ‘BatchForums’ for BTC 0.5.


• The user claimed to possess confidential data from the Korean People’s Army (KPA) Ground Force, Air Force, and Strategic Force and DPRK Missile Administration as well as data on more than 1.3 million active-duty soldiers and the 2025 budget documents.


• The user, as proof of attack, uploaded an external link purportedly containing administrator activity logs, military intelligence, and system error logs, but the link was confirmed to be inaccessible.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20260614_EN.pdf
News Highlights
Weekly Darkweb: June 2026, Week 1
2026.06.10
Previous
Threat Intelligence Reports
Megalodon: Software Supply Chain Attack Campaign Report
2026.06.17
Next
List