🌐 Deep Dark Web Weekly Highlights in May W1
1. Ransomware Attack: US Government
Recent findings suggest that confidential documents belonging to a US district court have been compromised and are being offered for sale by a ransomware group on the dark web. The gang operating under the moniker "Everest" has recently made posts about the Illinois district court on its confidential leak site, disclosing a trove of sensitive information. Per the data samples provided, the exposed information comprises personally identifiable information of local court personnel, internal communications circulated within the court, Social Security Numbers (SSNs) of Illinois residents, and court case information.
2. Personal Information Leak: Chinese Citizens
It has been reported that the personal data of more than 600 million Chinese citizens has been compromised and is currently being offered for sale on the Russian dark web hacking forum known as “Exploit.” The data being offered for sale reportedly comprises personally identifiable information such as names, contact details, dates of birth, national identification numbers, and financial information. The threat actor behind this cyberattack, who operates under the alias “ChinaManDan,” is reportedly attempting to sell the complete database for $80,000 (equivalent to approximately KRW 100 million) and has also shared a distinct URL for downloading a sample of the database.
3. Hacking: Healthcare Industry
It has come to light that the Secure Shell (SSH) access privileges to the internal network of a domestic medical device manufacturer are being offered for sale on a hacking forum named “RAMP,” which is notorious for its illicit activities on the dark web. The affected company is a South Korean medical device manufacturer known as JPI Healthcare, which specializes in the production and exportation of radiation imaging solutions, particularly in the field of X-ray technology.