Powered by DarkMirror™
This week’s edition covers the latest dark web news from the past week. Attacks on company databases and theft of personal data were common and hit the headlines this week. Here are the details of the major events that took place on the deep web this week:
Ransomware Attack Hits One of the Grain Milling Companies of Brazil
On April 11, 2021, a post was shared that allegedly announced a ransomware attack targeting a grain milling company from Brazil. The victim organization specializes in flour and other grain mill products and generates over $460 million in sales. The ransomware group threatened to leak financial documents, certificates, agreements, contracts and similar critical company assets if the company did not cooperate. The company was also threatened with a DDoS attack. A group known as ‘Avaddon’ was behind the attack on the victim company. The same group is claimed to be responsible for the ransomware attack on a government institution of Brazil in February.
Employee Database of Saudi Telecom Giant On Sale Allegedly
On April 12, 2021, a vendor offered to sell a database of a Saudi telecommunication firm’s employees on a dark web forum monitored by SOCRadar. The victim company has a revenue of almost $14 billion. According to the threat actor’s claim, the database contained the PII (Personally Identifiable Information) of over 500 thousand employees, such as email, phone number and address. The actor, giving no detail about when the database was dumped, wanted to sell this PII for $1700.
An Argentine e-Commerce Allegedly Suffers Significant Hacking Attack
On April 12, 2021, new login credential data of an e-commerce company from Argentina was leaked by a vendor on a dark web forum monitored by SOCRadar. While it is not clear how the credential data was obtained, the vendor claimed to share the email credentials of 14 employees from the customer service department. According to the SOCRadar Analyst, threat actors can use employees’ names, images, and personal web presence to target them and their business network.
Indonesian Citizens Data On Sale
On April 14, 2021, a vendor attempted to sell API keys for searching data belonging to Indonesian citizens on a dark web forum monitored by SOCRadar. According to the vendor’s claim, the buyer could use these API keys to reach full name, ID number, date of birth and other PII. With this PII, hackers can create official documents or run social engineering attacks with phishing emails.
Database Sale for Polimas Malaysia on Dark Web Marketplace
On April 15, 2021, a vendor posted a thread claiming to sell 4 GB of data belonging to an educational institution from Malaysia on a dark web forum tracked by SOCRadar. The victim institution has 6000 students and, according to the post, the leaked dump includes ID cards, personal photos and financial documents of students. It is unclear how the database was seized and what the asking price was.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, which is time-consuming as well as challenging. One mistaken click can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to keep up with the latest posts of threat actors and groups, filtered by targeted country or industry.