Weekly Darkweb in April W4
2025.04.30

☑️ Weekly Darkweb – April Week 4, 2025


🔍 Personal Information of Chinese Streaming Platform Users Sold on Dark Web

• Personal information of users from a Chinese video production and streaming platform (“Company T”) is reportedly being sold on the dark web forum "BHF."

• According to the forum post, the threat actor "danielproduct1k" attempted to extort Company T by threatening to leak the stolen data. However, the company did not comply with the demands.

• In retaliation, the threat actor posted the stolen data for sale and released a sample dataset that is accessible to the public.

✓ The threat actor is believed to be a member of “R00TK1T,” a group known for targeting government and corporate entities in Asia and the Middle East.


🔍 Multiple Governments and Military Entities Targeted by Threat Actor ‘Dedale’; Sensitive Data Offered for Sale

• The threat actor "Dedale," active on the dark web forum “DarkForums,” has recently posted multiple listings offering confidential government data for sale.

• According to S2W’s user profiling tool “DarkSpider,” Dedale uploaded seven posts between April 18 and 24.

✓ Sample listings include: “Indian Military Operation Documents,” “Turkish Military Classified Files,” “Hellenic Air Force Data,” and “Iraqi Ministry of Industry and Trade.”

• Analysis suggests that the threat actor primarily exploits leaked employee credentials to infiltrate internal networks and exfiltrate data, which is then monetized.


🔍 Major Mexican Telecom Provider Suffers Mass Data Leak Due to Unpatched Vulnerability

• Sensitive personal information—names, contact numbers, IP addresses, and email addresses—of customers from Mexico’s largest telecom company (“Company T”) has surfaced for sale on the dark web forum "leakbase."

• The threat actor “elprofessor” claims to have repeatedly warned Company T executives about the vulnerability, but no corrective action was taken.

• Despite the company’s public notice urging users to change their passwords, the threat actor asserts that the core security flaw remains unresolved, enabling continued data exfiltration.


This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.


*The full report is available upon request and for XARVIS subscribers.

