The relentless pace of dark web threats persists. The SOCRadar Dark Web Team reveals a fresh wave of illicit activities. These incidents have a global reach, impacting businesses across various sectors, from British business services and Mexican e-commerce to airline companies. The latest discoveries highlight sales of unauthorized access to vital systems and leaks of sensitive data, raising concerns for organizations’ digital security.
Here are the latest dark web activities that have piqued our interest.
Unauthorized RDP Access Sale Is Detected for a British Business Services Company
The SOCRadar Dark Web Team has detected a post in which a threat actor claims to possess unauthorized access to the internal network of a British business services company. This breach threatens the security and confidentiality of the company’s data and operations. The threat actor provides details about the compromised system, including information about user rights, the number of domain computers, operating systems, antivirus software, and even access to backup systems.
Unauthorized Admin Access Sale Is Detected for Mexican E-Commerce Companies
The SOCRadar Dark Web Team has detected a post in a hacker forum in which a threat actor claims to be selling unauthorized admin access to e-commerce companies operating in Mexico. The access being offered includes SFTP admin access, along with details about the number of orders processed by these companies in 2023. The threat actor provides pricing information for this illicit access, with a starting price of $800, bidding increments of $200, and an instant buy option at $1,800.
Sensitive Data of American Citizens Is Leaked
The SOCRadar Dark Web Team detected a post in a hacker forum in which a threat actor claims to have sensitive data of American citizens available for potential misuse. The data allegedly includes 4 million “fullz” records, which typically comprise personally identifiable information such as Date of Birth (DoB) and Social Security Numbers (SSN). The threat actor suggests that some of these records are “half-broken” and suitable for testing purposes, including testing virtual credit cards (VCCs).
“Fullz” refers to a complete set of personally identifiable information, while “half-broken” indicates that the data may be incomplete or contain errors, both of which are often exploited by cybercriminals for identity theft and fraud.
Unauthorized Access Leak Is Detected for Airline Companies
The SOCRadar Dark Web Team has identified a post where a threat actor claims to possess unauthorized access to systems belonging to various airline companies. The alleged breach encompasses a range of critical systems, including the Airbus Technical Repository, Cargolux Learning Management System (LMS), Noi Bai Airport’s live system, as well as training systems utilized by Cargolux and Philippine Airlines.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, manually monitoring every source is not feasible; it is time-consuming and challenging, and a single mistaken click on such a source can result in a malware infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up on the latest posts of threat actors and groups, filtered by targeted country or industry.