Resources
  • Newsletter
  • News Highlights
Weekly Darkweb: July 2026, Week 1
2026.07.08

☑️ Weekly Darkweb – July Week 1, 2026



🔍 Malaysian Commercial Bank ‘C’ Targeted by Ransomware Gang


• On July 2, a threat message to expose customer data from Malaysian commercial bank ‘C' was detected on BLACKNET-00's Telegram leak channel.


✓ Company ‘C’: Established in 1956 and headquartered in the capital of Malaysia, it is one of Southeast Asia's largest banks, operating 10 global branches- including UK, HK, and CN.


• The group claimed to have hacked company's electronic payment system to secure all transaction histories, including domestic and international wire transfers. They released five bank statements as proof, claiming they gained account access to corporate client company ‘C'.


➢ On June 30, BLACKNET-00 introduced itself on 'BreachForums' as a financially motivated, China-based ransomware group that also leads the 'Infrastructure Destruction Squad'.



🔍 UAE Ministry of Interior Personnel's Personal Information Up for Sale


• On July 2, a post offering the personal information of personnel from the United Arab Emirates (UAE) Ministry of Interior for sale was detected on the dark web hacking forum 'BreachForums' (Asking price: USD 4,500)


• The forum user '0cx00iq' claimed to possess 2026-current personal information of Ministry Interior personnel—including names, family details, date of birth, IDs, and passports—plus military ranks, advertising its use for targeted attacks and fraud.


• The threat actor criticized the UAE, claiming it supports various armed groups in Syria, including ISIS, and announced plans to sell additional large volumes of confidential government agency data.


✓ S2W’s Telegram analysis module confirmed that the same threat actor also offered the personal information of Iranian IRGC and Qatar State Security Bureau personnel for sale on their private channel last month.



🔍 Taiwanese E-Commerce Company ‘P’s Financial Subsidiaries Targeted by Ransomware Gang


• On June 27, the SETTRA ransomware gang posted that the personal information of 3.5 million users from two of Company P's financial subsidiaries was compromised.


✓ Company ‘P’: A representative e-commerce enterprise in Taiwan founded in 1998, with an annual revenue reaching approximately $1.1 billion last year.


• The group claimed to have exfiltrated 102GB of data, releasing five sample images as proof. The dataset contains 87,000 Taiwan Police financial fraud targets, 2016–2022 vehicle owner data, internal employee HR/payroll records, and database locations.


• The ransomware gang exposed that such sensitive data was unmanaged, claiming the personal information of 3.5 million users was left abandoned in a single employee's personal work folder.


➢ On July 1, Company ‘P’ issued a statement asserting that all customer payment data is secure and no internal systems were breached or compromised.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


List