Weekly Darkweb in April W5
2025.05.07
☑️ Weekly Darkweb – April Week 5, 2025
🔍 South Korean Enterprises Suffer Cyberattacks; Sensitive Data Posted for Sale on the Dark Web
• On April 30, it was identified that the B2B store database of global electronics company ‘S’ was being sold for $1,000 on the Russian Dark Web hacking forum ‘Exploit.’ The seller ‘Thales’ claimed to be offering personal data of 6,000 employees, including names, phone numbers, and addresses, as well as employee information from other Korean conglomerates.
• On the same day, ‘Thales’ also uploaded another post offering admin access to the charging machines of a Korean mobile charger company.
✓ Compromised data: passwords to all storage devices, location and remote management of all machines, full access to device screens, real-time user data, etc.
• According to S2W’s user profiling tool ‘DarkSpider,’ the threat actor has been actively targeting Korean companies. Previously, the same actor had listed sensitive employee data from Korea’s largest call center service provider.
🔍 Sensitive Data o Major Japanese Game Company ‘S’ for Sale on Dark Web
• On April 26, developer credentials belonging to prominent Japanese game company ‘S’ were identified for sale at $2,000 on the Russian forum ‘Exploit.’
• The seller ‘Nakeki’ stated that the data would be valuable to forum users involved in illegal software development and mentioned plans to sell the information to three buyers only.
✓ The misuse of these data could potentially result in the exposure of sensitive data including game content, source code, and software development kits (SDKs). There is also a risk that pirated content or malware-infected games could be distributed, emphasizing the need for caution.
• On April 28, another post linked to company ‘S’ was uploaded to the Dark Web forum ‘Darkforums,’ offering related personal information for $500. The forum user 'LIUSHEN' claims to have access to a File Transfer Protocol (FTP) server.
🔍 Taiwan 'C Hospital Medical Records Leaked on Dark Web Forum
• On April 28, medical records from Taiwan’s ‘C’ Hospital were identified as being leaked on the Dark Web hacking forum ‘Leakbase.’
• The threat actor ‘nspire’ claimed that a cyberattack on April 14 resulted in the exfiltration of medical data, including 1,300 images. The post included a download link to part of the leaked data including 500 images and displayed 100 patient records.
• Previously, on April 13, ‘C’ Hospital was attacked by the NightSprie ransomware gang, which claimed to have stolen 800GB of data and announced plans to release it on April 26.
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.
👉 Subscribe <Weekly Darkweb>: https://bit.ly/4eeDU6I
☎️ Contact us: https://s2w.inc/en/contact
*The full report is available upon request and for XARVIS subscribers.
Attachments
Threat Intelligence Reports
Analysis of BPFDoor Malware Targeting Korean Enterprises
2025.04.30
Previous
Threat Intelligence Reports
AI-powered Threats Case Study #02: Vulnerabilities
2025.05.13
Next