Weekly Darkweb in March W4
2025.03.26

☑️ Weekly Darkweb - March Week 4, 2025


🔍 Confidential Iran, North Korea Military Information for Sale on the Dark Web; North Korean Data Previously Exposed

• On March 18th, a user known as 'Lecter' posted on the dark web forum 'RAMP4U,' offering sensitive information about Iran’s Revolutionary Guard Corps (IRGC) and North Korea’s secret missile operation bases.

✓ Compromised Data: Personal information of IRGC members and their internal operations, as well as the geographic locations of North Korea’s secret missile bases, along with associated key personnel details.  

• Back in January, the user 'ssteve' from the dark web forum 'OnniForums' was found selling the same information about North Korea.  


🔍 Personal Data of 1,000 Taiwan Ministry of Defense Officials at Risk; Anti-Taiwan Hacktivists Suspected

• On March 17th, a post was identified on the dark web forum 'BreachForums,' claiming to contain detailed personal information, including departments, names, and residential addresses, of approximately 1,000 Taiwan Ministry of Defense employees.

• The forum user 'human1998' is believed to have disclosed the data as an act of hacktivism, citing corruption within the Taiwan Ministry of Defense.  

✓ Hacktivism: The practice of threat actors, operating on the dark web and Telegram, conducting cyberattacks against corrupt governments or opposing governmental parties.  

• The threat actor posted a screenshot of the stolen data, with parts of it blurred using a mosaic effect, presumed to be personal information of Ministry of Defense employees.  


🔍 Free Phishing Tool for Replicating Websites Available on Dark Web

• A post was discovered on the 'BreachForums' dark web forum, hosting a tool that replicates websites for phishing purposes.  

• The threat actor 'lulagain' outlined how to use the tool in a post, demonstrating it by duplicating the login portal of the U.S. telecom company 'AT&T.'  

• In most cases, when credentials are entered on a phishing site, the information ends up in the hands of the threat actor, and the compromised accounts are used as a basis for further attacks.

• Phishing website detection and takedown can be verified and carried out using the S2W CTI solution 'QUAXAR.'  


This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.


* The full report is available upon request and for XARVIS subscribers.

