Weekly Darkweb in March W2

Resources

2025.03.12

☑️ Weekly Darkweb in March W2, 2025

🔍 20 Million Japanese Bank Customer Records Shared on Dark Web and Telegram

• On March 1, A Japanese bank customer data file in Excel format was found being shared on the dark web hacking forum ‘XSS.’

• The stolen data was uploaded as an attachment by forum user ‘sqlemma,’ including personal details of individuals believed to be Japanese bank customers.

✓ Compromised Information: Names, gender, date of birth, ID card numbers, transaction amounts, addresses, and phone numbers of approximately 20 million individuals.

• The threat actor listed their Telegram channel and personal profile links in the post, and the same data appears to have been leaked within their Telegram channel.

🔍 UAE Ministry of Defense Admin Access for Sale on Dark Web Hacking Forum

• On February 28 A post selling VPN administrator access to the UAE Ministry of Defense's internal system was detected on the dark web hacking forum 'BreachForums.'

• The seller ‘nxe’ is offering UAE Ministry of Defense VPN administrator access along with several related confidential documents for $7K, stating that general access without admin privileges will be available for $900.

• According to S2W’s profiling tool ‘DarkSpider,’ ‘nxe’ uploaded a post on March 5 offering access to the administrator panel of a military magazine issued by the UAE Ministry of Defense.

🔍 Taiwanese Hospital Patient Database Breached, Website Inaccessible

• On February 28, The database of Taiwan’s Mackay Memorial Hospital was exfiltrated by threat actor ‘Crazyhunter,’ and a sample database was found on the dark web hacking forum ‘BreachForums.’

• The threat actor is selling sensitive personal information of approximately 16 million individuals—including names, contact details, addresses, birthdates, and medical records—while also providing a URL to access a sample dataset.

✓ The seller stated that the sample data would be used to threaten the hospital for 10 days rather than for sale.

• On March 5, ‘Crazyhunter’ launched an auction for the stolen data, starting at a bid of $100,000.

✓ According to the threat actor, the affected Taiwanese hospitals are ‘Taipei Hospital,’ ‘Tamsui Hospital,’ ‘Taitung Hospital,’ and ‘Hsinchu Hospital.’

This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

👉 Subscribe <Weekly Darkweb>: https://bit.ly/4eeDU6I

☎️ Contact us: https://s2w.inc/en/contact

* The full report is available upon request and for XARVIS subscribers.

Attachments

[S2W] Weekly Darkweb (20250306)_EN.pdf

R&D Columns

LLM Security Issues and Case Studies: The Need for Security Guardrails

2025.03.11

Threat Intelligence Reports

AI-Powered Threats Case Study #01: Malware Utilization & Evolution

2025.03.13

List

File download request

This is a consent popup for collecting personal information in order to send you an attachment of S2W's Resource. Please enter the following items and submit, and the attachment will be sent to the email you provided. All information you provide will be subject to S2W's privacy policy.

Name *

Email *

Contact number *

Company / Institute name *

How did you find us?*

Agree to all

[Required] Terms of Service View all

[Required] Collection and Use of Personal Information View all

[Optional] Collection and Use of Information for Marketing Purposes

Collected items: Required : Name, Country, Company/Institute Name,Job Title, Email, Contact Number
Purpose of use: For online/offline marketing and advertising purpose Name, Job Title, Email, Contact Number; Delivery of product brochures, newsletters, event information, etc.
Retention period: Until consent for marketing use is withdrawn.