SOCRadar® Cyber Intelligence Inc. | DUX Health Leak, Energy Sector Breaches, Chrome Exploit, Spotify Tool, and More Dark Web Highlights
Dec 30, 2024

DUX Health Leak, Energy Sector Breaches, Chrome Exploit, Spotify Tool, and More Dark Web Highlights

Hacker forums are buzzing with alarming activity this week, with SOCRadar’s Dark Web Team uncovering critical data breaches in the global energy sector and the sharing of a Google Chrome exploit targeting CVE-2024-9122. Other findings include the leak of DUX Human Health’s customer database, a Spotify account generator tool enabling platform manipulation, and unauthorized SSH access sales linked to multiple companies worldwide.

Alleged Database of DUX Human Health is on Sale

SOCRadar Dark Web Team detected a post on a hacker forum advertising the sale of an alleged database from DUX Human Health, a Brazilian brand specializing in nutritional supplements and foods with over 150 products in its portfolio.

According to the threat actor, the compromised data includes CPF (Brazilian individual taxpayer registry) numbers, names, email addresses, phone numbers, and shipping addresses. The database, dated starting from May 30, 2024, is 724MB in size, formatted in JSON, and contains 236,157 records.

Alleged CVE-2024-9122 Exploit of Google Chrome is Shared

SOCRadar Dark Web Team detected the sharing of an exploit targeting CVE-2024-9122, a reported vulnerability in Google Chrome. According to the threat actor, the exploit has been tested successfully on both the stable and the latest canary builds of Chrome for Windows x86-64. The actor claims that it works by chaining with another exploit and that it continues to generate traffic.

The post includes an HTML snippet showcasing the exploit’s structure and code, highlighting potential risks for Chrome users if the vulnerability is exploited maliciously.

Alleged Data of Qatar Gas, ADNOC, and Bell Energy are on Sale

SOCRadar Dark Web Team identified a post on a hacker forum advertising the sale of 30GB of allegedly stolen data associated with Qatar Gas, ADNOC, and Bell Energy, three key entities in the global energy sector.

Qatar Gas, now operating as QatarEnergy LNG, is recognized as the world’s largest producer of liquefied natural gas. ADNOC (Abu Dhabi National Oil Company) serves as the state-owned oil company of the United Arab Emirates, while Bell Energy is engaged in energy transition, biofuels, and waste management initiatives in Abu Dhabi.

According to the threat actor, the dataset includes highly sensitive materials such as internal documents, oil and gas plant designs, detailed location information, confidential reports, and restricted communications. The files are described as containing critical project details, infrastructure plans, internal audits, and strategy documents, with classifications labeled as “Internal” or “Need-to-Know.”

The data is being offered for $100,000, with contact details provided through a Telegram account. If substantiated, this incident poses significant risks to operational security and the confidentiality of proprietary information within the global energy sector.

Spotify Account Generator Tool is Shared

SOCRadar Dark Web Team detected a post on a hacker forum claiming the release of a Spotify account generator tool.

According to the threat actor, the tool enables users to create multiple Spotify accounts with ease. The actor highlights how such tools can be exploited, stating that mass-created accounts can be used alongside a “streaming bot” to artificially increase views on songs, potentially manipulating Spotify’s platform. This tool demonstrates vulnerabilities in Spotify’s account creation process, posing risks to the platform’s integrity.

Alleged Unauthorized SSH Access Sales Detected for Many Companies

SOCRadar Dark Web Team identified a post on a hacker forum advertising the sale of unauthorized SSH (Secure Shell) accesses allegedly linked to multiple organizations across various countries.

According to the threat actor, the offering includes SSH accesses with varying hardware specifications, geographic locations, and permission levels (user or root access). The accesses are being sold as a package of 19 entries for $500, with payment accepted exclusively in Monero (XMR) cryptocurrency.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.