Quick Summary
AllegedExecutive Summary
SOCRadar’s Dark Web Monitoring service has identified JAWS Co., Ltd., a Taiwan-based technology company, as a victim listed on the Krybit ransomware group’s dark web portal. The listing was published on July 1, 2026. Krybit has a notable pattern of targeting the technology sector, which is JAWS Co., Ltd.’s primary industry, and has a significant number of victims in Taiwan. This incident aligns with Krybit’s typical targeting profile, which includes organizations in technology, business services, and transportation and logistics. Geographically, Krybit has targeted companies in Germany, Taiwan, and Italy. Other companies with similar profiles, such as Northern Access Transportation, Inc., AeroVision Avionics, Inc., German Imaging Technologies (GIT) Dubai LLC, and The Orangeblowfish, have also been listed by Krybit. JAWS Co., Ltd.
Technical Analysis
Analysis of SOCRadar’s stealer-log telemetry revealed a significant exposure for the jaws.com.tw domain. One corporate credential targeted a Microsoft 365 identity provider, and eight additional corporate credentials were found on third-party domains. This pattern suggests endpoint compromise and potential unauthorized access to the organization’s corporate identity infrastructure. The exposure of employee credentials, particularly a Microsoft 365 identity credential, is a strong indicator of corporate intrusion and is consistent with the initial access vectors used by ransomware groups like Krybit. These credentials are often leveraged by threat actors to gain access to Microsoft 365, VPNs, or remote access portals before deploying ransomware. While this specific instance doesn’t confirm Krybit’s direct use of these credentials, it aligns with their typical kill chain. CTI teams are advised to prioritize credential rotation for the exposed identities and review Single Sign-On (SSO) authentication events.