DDW Weekly Highlights in December W1
2024.12.12
☑️ S2W DDW Weekly Highlights in December W1
🔍 Sensitive Data on Russian Strategic Missile Geolocation for Sale on Dark Web
• A post has been identified on a Dark Web hacking forum claiming to have stolen data from Russia's 'Ministry of Defense website' and 'Public Service Portal.'
• Threat actor '0xDrako' disclosed that the compromised data concerning 'Russia's Strategic Missiles' was extracted from the targeted website.
✓ List of compromised data: Russian missile geolocation, information related to air gap development, confidential documents, vocal interceptions, etc.
• The threat actor noted that sample files will be shared exclusively through DM due to security concerns.
• The threat actor appears to have carried out cyberattacks targeting the EU, Asia, and the U.S. since November.
🔍 Malaysia Atomic Energy Agency Data Breach Detected; Threat Actor Uses Compromised Data to Threaten Victim
• On December 3rd, the Malaysia Nuclear Agency's internal information was uploaded to 'BreachForums.'
✓ List of compromised data: Employees' emails, personal information, etc.
• Threat actor 'Ciph3r' is employing a cyberattack in the form of a 'ransom,' leveraging the data they possess to demand money from the victim organization's server administrators, rather than selling it.
• After joining BreachForums last November, the threat actor has primarily targeted Southeast Asia.
🔍 Alleged Pro-Russian Telegram Channel Claimed to Hack Electric Vehicle Charging Station in Suwon, South Korea
• On December 4th, a hijacking video was released on the pro-Russian Telegram channel 'Z-Pentest.' The video shows the manipulation of the internal system of an electric vehicle charging station located in Suwon, Gyeonggi province.
• The video shows the threat actor manipulating the cell balancing function of a major South Korean EV. (Cell balancing: a function that keeps batteries at an optimal state of charge.)
• Part of the message posted with the uploaded video is directed at the South Korean government, demanding that it stop financing Kiev, the capital of Ukraine.
• The Telegram channel is currently inaccessible.
* The full report is available upon request and for XARVIS subscribers.