Powered by DarkMirror™
This week’s edition covers the latest dark web news. Ransomware attacks, theft of company databases, and theft of personal data are on the rise and made the headlines this week. Here are the details of the major events that took place on the deep web this week:
The New Ransomware Victim of Avaddon
On May 12, 2021, SOCRadar detected a post on the Avaddon ransomware group's website allegedly announcing a ransomware attack that targeted a government corporation from Indonesia. The victim corporation is a state-owned enterprise providing air traffic services and business airports in Indonesia. The group behind the attack, known as Avaddon, is also said to be responsible for the last day’s ransomware attack on AXA Asia. The group threatened that, if the company did not cooperate, it would leak banking data, licenses, certificates, agreements, contracts and similar sensitive company information. The company was also threatened with a DDoS attack.
A PII Database for Customers of a Cricket Club from UAE For Sale
On May 15, 2021, a vendor posted a thread on a dark web forum tracked by SOCRadar claiming to sell a customer database of a cricket club from the UAE. According to the post and the shared sample, the database contains 1 GB of data, including personally identifiable information (PII) belonging to the victim cricket club’s clients. The surfaced files included clients’ photos and UAE IDs.
Unauthorized Network Access Sale for an Online Grocery from Qatar Detected on the Dark Web
On May 9, 2021, unauthorized network access allegedly belonging to an online grocery platform from Qatar was offered for sale on a dark web forum monitored by SOCRadar. According to the vendor’s claim, the victim platform received 725 orders in the last month, and almost all of the orders were placed using credit or debit cards. The actor claimed to have admin-level access to the control panel and complete databases.
A Database for A Mexican University with 4500 Students Dumped on the Dark Web
On May 13, 2021, on a dark web forum monitored by SOCRadar, a vendor put up for sale a database allegedly belonging to one of the largest universities in Mexico. The Coahuila-based victim university is dedicated to environmental sciences, agriculture and animal production, and has about 4500 students on its two campuses. According to the vendor’s claim, the database contains students' emails, full names, mobile telephone numbers and addresses.
A Database Sale for an Online Retailer from Malaysia Detected on the Dark Web
On May 13, 2021, a vendor attempted to sell a database for an online retailer from Malaysia on a dark web forum monitored by SOCRadar. The victim is an online platform selling personal, home and kitchen products and electronics, with an estimated annual revenue of $2.9 million. According to the dark web vendor, who did not give any details about how the database was obtained, it contains the emails of over 1.3 million customers.
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, which can be time-consuming as well as challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.