DDW Weekly Highlights in December W2
2024.12.19

☑️ S2W DDW Weekly Highlights in December W2


🔍 Database Containing Israeli Government Agency Data Shared for Free on Dark Web

• A post published on the dark web forum BreachForums claims to sell stolen data from Israeli government agencies.

• On December 9, forum user Rey disclosed the exfiltration and distribution of data from the Knesset, the Israeli Parliament, comprising more than 200,000 files totaling around 45GB.

• The user stated that the compromised dataset includes internal documents and reports from various government agencies, including the Israeli Parliament, Ministry of Defense, Ministry of Health, and Ministry of Education.


🔍 Taiwanese Soldiers and Officials’ Addresses Sold Cheaply on Hacking Forum

• On December 11, personal data of Taiwanese military personnel and government officials was discovered for sale on the hacking forum 'Danger Zone.'

• The seller, identified as CIA, listed the victims' personal information for $250 and provided a sample in the post.

  ✓ Fields of personal information: name, ID, social security number, address, military service code, etc.

• According to 'Dark Spider,' the user profiling feature of S2W XARVIS, the threat actor operates under the name "CIA" on the forum '007 DDOS' while also managing their own Telegram channel.


🔍 Indonesian ISP Admin Panel Access Sold, Linked to New Ransomware Group Funksec

• On December 10, it was discovered that an internal network administrator account of the Indonesian ISP 'Inet Global Indo' was being sold on the blog of the new ransomware group 'Funksec' for $500 worth of Bitcoin.

• 'Funksec,' a newly-formed ransomware group as of November this year, is recognized for launching attacks using its self-developed ransomware binaries.

  ✓ To date, they have carried out cyberattacks on a total of 11 companies, with affected countries including the United States, Jordan, France, and India.

• Funksec’s blog not only leaks ransomware victim data but also features attack target announcements, forum-style data/access sales, and sharing of custom-developed DDoS tools, distinguishing it from traditional ransomware blogs.


If you want to read more, follow the newsletter below and visit the S2W Inc. website to contact us.

* The full report is available upon request and for XARVIS subscribers.

