Sales of American and Brazilian Companies’ RDP Access, UK and India Government Site Databases
In the past week, SOCRadar’s Dark Web Team uncovered several concerning findings on hacker forums. Threat actors claimed to have leaked sensitive databases, including those of India’s Income Tax Department, the UK’s Gambling Commission, and the International Advertising Association. In addition, unauthorized Remote Desktop Protocol (RDP) access to an American and a Brazilian company was found for sale.
Database of India Income Tax Department is Leaked
The SOCRadar Dark Web Team has detected a post on a hacker forum in which a threat actor claims to have accessed and leaked the user database of the Income Tax Department of India’s website, incometaxindia[.]gov[.]in. The alleged breach, reported to have occurred on January 31, 2024, would expose the sensitive information of 5,722 users. The data listed in the post includes user IDs, encrypted passwords, email addresses, phone numbers, account flags (superuser status, staff status, and email and phone verification status), and personal details such as first and last names, date of birth, and employee IDs. The threat actor states that the breach was carried out through the Ontym system, which the post describes as a service intended to simplify tax filing for users. Note that the post does not say how the passwords are protected; “encrypted” in such listings usually means hashed, and weakly hashed credentials can still be cracked offline, so affected users should treat them as exposed and rotate them.
Database of Gambling Commission is Leaked
On January 31, SOCRadar detected a post on a hacker forum in which a threat actor claimed to have leaked the database of the Gambling Commission, the body that regulates and oversees gambling in Great Britain. The alleged breach, said to have occurred in January 2024, would expose sensitive information from the gamblingcommission[.]gov[.]uk website. According to the post, the leak covers more than 100 users and includes account numbers, license information, account and domain names, status, type of activity, start and end dates, and personal and location details such as address lines, city, postcode, and country.
Unauthorized RDP Access Sale is Detected for an American Engineering Company
The SOCRadar Dark Web Team has discovered a post on a hacker forum in which a threat actor claims to be selling unauthorized Remote Desktop Protocol (RDP) access, allegedly to an American engineering company. The company is identified only by its location in the USA; it is described as operating in the engineering, design, and architecture sectors and as reporting revenue of $9.1 million. The threat actor offers RDP access with Domain Admin privileges for $1,000 and directs potential buyers to contact them on Telegram.
Unauthorized RDP Access Sale is Detected for a Brazilian Freight and Logistics Service
The SOCRadar Dark Web Team has identified a post on a hacker forum in which a threat actor claims to offer unauthorized Remote Desktop Protocol (RDP) access, allegedly to a Brazilian freight and logistics service. The company is described only as operating in the freight and logistics industry and as generating revenue of $7.8 billion. According to the post, the access being sold provides local user privileges and is priced at $900. Although a local user account is less valuable than the Domain Admin access offered in the previous listing, it still gives a buyer an interactive foothold inside the network from which to attempt privilege escalation and lateral movement.
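Both RDP listings above are the kind of access that initial access brokers resell, and the practical question for a defender is whether such a logon would be noticed. The following is an added example, not SOCRadar’s code or anything from the posts: it scans Windows Security event 4624 (successful logon) records for logon type 10 (RemoteInteractive, i.e. RDP) and flags sessions that come from outside an allowlisted source network, or that use a privileged account from a workstation other than an approved jump host. The event lines, the account name da-admin, the 10.20.0.0/16 range, and the ADMIN-JUMP host are all constructed assumptions for the demo; in production the same logic would run over events exported from a SIEM or from Get-WinEvent.

```python
"""Flag suspicious RDP (RemoteInteractive) logons in Windows Security event data.

Added example, not code from SOCRadar or from the companies in the listings.
Assumes 4624 events have been exported as one 'key=value ...' line per event
(constructed sample below). Logon type 10 is the RDP/RemoteInteractive type;
the privileged-account set, the allowed source network and the approved
admin host are assumptions for this demo, not values from the page.
"""
import ipaddress
from dataclasses import dataclass

# Constructed sample of 4624 (successful logon) events, one per line.
SAMPLE_EVENTS = """\
EventID=4624 LogonType=10 TargetUserName=jsmith TargetDomainName=CORP IpAddress=10.20.5.17 WorkstationName=JS-LAPTOP
EventID=4624 LogonType=10 TargetUserName=da-admin TargetDomainName=CORP IpAddress=185.220.101.45 WorkstationName=DESKTOP-K2X9Q
EventID=4624 LogonType=3 TargetUserName=svc-backup TargetDomainName=CORP IpAddress=10.20.5.9 WorkstationName=BACKUP01
EventID=4624 LogonType=10 TargetUserName=helpdesk1 TargetDomainName=CORP IpAddress=192.168.50.33 WorkstationName=HD-PC
EventID=4624 LogonType=10 TargetUserName=da-admin TargetDomainName=CORP IpAddress=10.20.7.77 WorkstationName=DESKTOP-K2X9Q
EventID=4624 LogonType=10 TargetUserName=da-admin TargetDomainName=CORP IpAddress=10.20.5.200 WorkstationName=ADMIN-JUMP
"""

RDP_LOGON_TYPE = "10"  # RemoteInteractive: RDP / Terminal Services
PRIVILEGED_ACCOUNTS = {"da-admin"}  # assumption: Domain Admin accounts to watch
ALLOWED_SOURCES = [ipaddress.ip_network("10.20.0.0/16")]  # assumption: internal/VPN range
ALLOWED_ADMIN_HOSTS = {"ADMIN-JUMP"}  # assumption: only host admins may RDP from


@dataclass
class Alert:
    user: str
    source_ip: str
    workstation: str
    reason: str


def parse_event(line: str) -> dict:
    """Parse one 'key=value key=value ...' line into a dict of strings."""
    fields = {}
    for token in line.split():
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def source_is_allowed(ip_text: str) -> bool:
    """True if the source address falls inside an allowlisted network."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False  # '-' (no address recorded) or malformed: treat as not allowed
    return any(ip in net for net in ALLOWED_SOURCES)


def find_suspicious_rdp_logons(event_text: str) -> list:
    """Return Alert objects for RDP logons that violate the source or admin-host policy."""
    alerts = []
    for line in event_text.splitlines():
        ev = parse_event(line)
        if ev.get("EventID") != "4624" or ev.get("LogonType") != RDP_LOGON_TYPE:
            continue  # only successful RemoteInteractive logons are of interest here
        user = ev.get("TargetUserName", "")
        ip = ev.get("IpAddress", "-")
        host = ev.get("WorkstationName", "")
        if not source_is_allowed(ip):
            alerts.append(Alert(user, ip, host, "RDP logon from non-allowlisted source"))
        elif user in PRIVILEGED_ACCOUNTS and host not in ALLOWED_ADMIN_HOSTS:
            alerts.append(Alert(user, ip, host, "privileged RDP logon from unapproved workstation"))
    return alerts


if __name__ == "__main__":
    for a in find_suspicious_rdp_logons(SAMPLE_EVENTS):
        print(f"{a.user} from {a.source_ip} ({a.workstation}): {a.reason}")
```

Run against the constructed sample, the script flags the Domain Admin logon from an external address, the helpdesk logon from an internal range that is not allowlisted, and the Domain Admin logon from an ordinary desktop; the two remaining RDP sessions match policy and the network logon (type 3) is ignored. The check is deliberately simple: in a real environment the allowlist and admin-host set come from asset inventory, and a second rule should alert on any RDP logon for an account that has never used RDP before.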
Database of International Advertising Association is Leaked
A SOCRadar Dark Web Analyst has detected a post on a hacker forum in which a threat actor claims to have leaked the database of the International Advertising Association (IAA), a worldwide network for marketing and communications professionals. The alleged leak contains members’ personal and professional information, including identification numbers, names, email addresses, membership details, postal addresses, contact numbers, company and position information, and more sensitive fields such as dates of birth and payment details. According to the post, the records span everything from membership inception to professional affiliations and contact information, which makes this a substantial privacy exposure for the association’s members if the claim holds.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats is valuable for actionable threat intelligence and digital risk protection. However, monitoring every source by hand is not feasible: it is time-consuming, and a single mistaken click on a hostile forum can result in a malware infection of the analyst’s machine. To address these challenges, SOCRadar’s DarkMirror™ screen lets your SOC team follow the latest posts from threat actors and groups, filtered by targeted country or industry.