SOCRadar® Cyber Intelligence Inc. | Dark Peep #7: Shadows of Betrayal and Leadership in Flux


Ara 22, 2023
7 Mins Read

Dark Peep #7: Shadows of Betrayal and Leadership in Flux

Shrouded in the mysterious alleys of the dark web, “Dark Peep #7” delves into a world where betrayals happen as often as tiny secrets, and leadership changes faster than data moves in cyberspace. This issue highlights surprising power changes and smart tricks that have upside down the usual order in the digital underworld.

Fig. 1. Illustration of a dramatic moment of betrayal with two threat actors in Ancient Rome. (generated using OpenAI’s DALL-E 3), dark peep #7
Fig. 1. Illustration of a dramatic moment of betrayal with two threat actors in Ancient Rome. (generated using OpenAI’s DALL-E 3)

We dive into a story where strong alliances fall apart and new, mysterious leaders rise to power, changing the face of cyber control. The stories here are more than just digital conflict; they show a deep change in the secret halls of power. They remind us how weak and short-lived authority can be in the dark web world.

Cyber Threat Group vs. Phishing

In a world where digital shadows loom large, the vigilant watchers of the cyber realm, a hacktivist threat group known as Team Insane Pakistan, has issued a crucial warning through their latest Telegram message. The message, stark and urgent, serves as a beacon of caution for the unwary:

Fig.2. Team Insane Pakistan’s Telegram Post
Fig.2. Team Insane Pakistan’s Telegram Post

This short but powerful message highlights a dangerous new scam in the digital world: a sophisticated scam targeting Facebook pages. 

As the guardians of online sanctity, Team Insane Pakistan’s warning isn’t just a message; it’s a clarion call to heighten our vigilance. Social media platforms have been playgrounds for digital marauders for too long, but this new scam is a reminder that the battle against cyber threats is constantly evolving.

KillSec’s Cyber Crew Quest: Got Skills? They Want ‘Em!

In the bright, neon-lit back alleys of the cyber world, KillSec, the hacktivist group known as the pirates of this realm, is looking for clever recruits. They want you if you’re fluent in computers and see firewalls as just the beginning of fun!

Fig. 3. KillSec’s Telegram Post
Fig. 3. KillSec’s Telegram Post

KillMilk’s Digital House Cleaning: Rats and Cockroaches Beware!

Hold onto your keyboards, folks! KillMilk, the pro-Russian cyber threat group, has just released a video on their Telegram channel. It’s more surprising than a spy story!

Fig. 4. KillMilk’s Telegram Post, dark peep #7
Fig. 4. KillMilk’s Telegram Post

KillMilk has uncovered a traitor in their ranks like a scene from a digital detective story. The result? The vigilant admin team kicked her out.

With a playful emoji, KillMilk suggests more excitement is coming. The cyber community is all ears, wondering who will be the next to go in this intense online showdown.

Here’s a clear message for everyone in the hidden parts of the internet: trust is even harder to find perfect software in this secret world.

SiegedSec’s Cat-and-Mouse Game with Telegram Continues!

People often say curiosity killed the cat, but SiegedSec, the cyber gang known as the Internet cats, has bounced back once more. Their Telegram channel has been removed from the platform again. But just like a cat with nine lives, they’ve landed on their feet, ready to leap into their next digital adventure.

Fig. 5. SiegedSec’s X Post
Fig. 5. SiegedSec’s X Post

Game Over? Ransomware Wipes Out 17,000 Heroes

In a situation that feels like it’s straight from a gamer’s worst nightmare, ‘Ethyrial: Echoes of Yore,’ an MMORPG played by 17,000 adventurers, encountered a digital challenge it couldn’t defeat: a devastating ransomware attack.

Fig. 6. Announcement on Discord (Source: BleepingComputer), Ethyrial: Echoes of Yore, dark peep #7
Fig. 6. Announcement on Discord (Source: BleepingComputer)

Thousands experienced a grim reality as cyber saboteurs wiped out their virtual alter egos and treasures in a swoop of destruction, causing their characters and achievements to vanish into thin air.

Admin Axed in CsCrew-Ganosec Clash!

A little chaos unfolded when a CsCrew admin spiced up the cyber streets with the phrase “bocil ganos duduk diam aja,” which seemed like a jab at Ganosec. Quick to quash the quibble, CsCrew showed that admin the exit in a flash!

Fig. 7. CsCrew’s statement
Fig. 7. CsCrew’s statement

The phrase “bocil ganos duduk diam aja” is in Indonesian and roughly translates to “The noisy kid just sits quietly” in English.

With one admin down and tensions hopefully cooled, will CsCrew and Ganosec play nice, or is this just the eye of the storm?

Ownership and Intrigue on BlackForums

The statement posted on Blackforums’ Telegram channel has us scratching our heads and wondering, “Is this a coup, or did someone just win the dark web’s version of a twisted ownership lottery?” A threat actor known as Astounding has declared themselves the grand overlord of BlackForums and all its cyber-minion groups. It’s like they won a sinister version of Monopoly and now have hotels on all the most dangerous digital streets.

Fig. 8. Declaration of Astounding, blackforums, dark peep #7
Fig. 8. Declaration of Astounding

We can almost picture them in a dark, digital boardroom, twirling a virtual mustache and saying, “I now own it all, muahaha!” Their shoutout to supporters adds a touch of dark comedy to this whole affair as if they’re thanking their fans for cheering on their epic digital shopping spree. Who knew ownership could be this entertaining in the weird world of cyber threats?

Echoes of Absence, the Vanishing of Govadmin

A threat group known as SkidSec Leaks has announced the loss of their leader, Govadmin, after a complete communication blackout. The group memorializes him as a key figure and warns against impostors claiming his identity. Despite the setback, SkidSec assures that operations will continue with new leadership already in discussion.

Fig. 9. SkidSec Leaks’ Telegram Post
Fig. 9. SkidSec Leaks’ Telegram Post

Furthermore, A threat actor known as Soup got all sentimental, calling Govadmin the OG (Original Gangster) of SkidSec, and even hinted that Govadmin’s ghostly messages might haunt their digital dreams forever.

SkidSec’s Propaganda Print-a-thon

The clock is ticking! A North Korean threat group, SkidSec, had rallied its followers for a unique mission targeting South Korea, urging its followers to spread images of their “glorious leader” across as many printers as they could access. The challenge was clear: inundate printers with propaganda posters and provide screenshot evidence of the efforts to qualify for the bounty.

Fig. 10. SkidSec Leaks’ Telegram Post, dark peep #7
Fig. 10. SkidSec Leaks’ Telegram Post

Navigating the Zero-Day Threat

A recent X platform post noted that hacker ‘thegrugq’ has released critical Indicators of Compromise (IOCs) for a new zero-day being leveraged by ransomware gangs. The details include URLs, IP addresses, and checksums critical for cybersecurity teams to identify and protect against this emerging threat.

Fig. 11. thegrugq’s X post (Source: X)
Fig. 11. thegrugq’s X post (Source: X)

A Web That Never Sleeps

As we close the pages of “Dark Peep #7,” one truth rings clear: the Dark Web remains a hive of ceaseless activity, its pulse unfaltering in the face of change and chaos. There’s no hint of a slowdown on this digital frontier, where each day brings new narratives of intrigue and power shifts.

For those keen on staying abreast of these ever-evolving developments, Dark Web News within the SOCRadar XTI Cyber Threat Intelligence module offers an invaluable window. This resource provides the insights and updates necessary to navigate and understand the complex, often hidden machinations of the Dark Web. It’s a tool not just for observation but for staying one step ahead in a realm where knowledge is as powerful as the codes that build it.

SOCRadar XTI’s Dark Web News page under the CTI Panel
SOCRadar XTI’s Dark Web News page under the CTI Panel (Source: SOCRadar)