The Week in Dark Web – 12 October 2022 – Access and Database Sales
Powered by DarkMirror™
Threat actors continued to sell databases and access to organizations’ systems on hacker forums last week. The dark web summary is full this week, as always.
VPN-RDweb Access Sale for an Irish Company Detected
SOCRadar detected an unauthorized access sale for an Irish telecommunications company on a hacker forum on 11 October 2022. The victim company is believed to have $25 million in revenue. The vendor states that the offered access type is VPN-RDP and that admin privileges are included. The post also lists auction values.
Source Code & Database of a Gambling Website is Leaked
On 10 October, a sale was posted on a hacker forum monitored by SOCRadar analysts. The victim is an Indian gambling website. The sale includes the website’s source code, backups, and account data. Interestingly, the vendor wants $5000, which is higher than the usual amount for typical leaks like this.
Critical Data of Iranian Intelligence is Leaked
On 10 October 2022, a leak was posted on a hacker forum that SOCRadar regularly monitors. The post is about Iranian Intelligence. The threat actor directly shared a link to the file along with a list of the information the leak covers. In short, the leak contains information about:
- High-level officers, presidents, elites, and both IAF & IRGC commanders
- Operational databases
- Financial logs, including organizations supported abroad
- Logs about the political prisoners and protesters; names and addresses of high-level scientists
- Exact location information of nuclear facilities
- Safehouses and operatives working for Iranian Intelligence
Russian Immigration Agency Database is Leaked
SOCRadar analysts have found a post on a dark web forum that shares 5+ GB of stolen data from the immigration agency of Russia. The attacker claims the leak includes information about the Moscow Electoral observer corps.
Unauthorized Access Sale for Multiple Companies Detected
On 12 October 2022, a sale was posted on a hacker forum monitored by SOCRadar analysts. The sale is claimed to be full access to the 13 largest companies operating in the Eastern Europe region with $25M+ revenue annually. The vendor explains that the leak includes manuals about utilizing these accesses, 2500 lines of user credentials, cyber security discovered in the systems, databases, hostnames, IP info, and more. Surprisingly, the price for the leak is $1.5 million.
Database of an Italian Company is Leaked
On 6 October, a 7 GB database was shared on a hacker forum monitored by SOCRadar analysts. The victim is an Italian company that manufactures and sells sports cars. The database includes critical information about confidential documents. The vendor also claims the data was stolen by the group Ransom EXX.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is time-consuming and challenging, and is simply not feasible. One mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.