Powered by DarkMirror™
This week’s edition covers the latest dark web news from the past week. Admin access sales, company database theft, and personal data theft are on the rise and made the headlines this week. Here are the details of the major events that took place on the deep web this week:
PII of More Than 600 Citizens from The UAE For Sale On the Dark Web Marketplace
On May 24, 2021, a vendor attempted to sell a database containing personally identifiable information (PII) of more than 600 citizens from the UAE on a dark web forum monitored by SOCRadar. The vendor claimed to have seized ID card and passport information belonging to the victim citizens. Although it was not clear how the database had been obtained, the vendor asserted that it contained 1 GB of data, including full names, photos, addresses and various other PII.
The New Ransomware Victim of Avaddon
On May 28, 2021, SOCRadar detected a post on the Avaddon ransomware group's website allegedly announcing a ransomware attack that targeted an industrial company from Saudi Arabia. The victim corporation is a long-established organization providing technological and industry-specific solutions in Saudi Arabia, with a revenue of $360 million and 1803 employees. Avaddon, the group behind the attack, is said to be also responsible for last week’s ransomware attack on Axa Asia. The group threatened to leak banking data, licenses, certificates, agreements, contracts and similar sensitive information of the company if the victim organization did not cooperate. Moreover, the company was threatened with a DDoS attack.
Phone Number Database of a Qatar Company On Sale On the Dark Web
On May 15, 2021, a vendor posted a thread claiming to sell a customer database of a cricket club from UAE on a dark web forum tracked by SOCRadar. According to the post and shared sample, the database contains 1 GB of data, including personally identifiable information (PII) belonging to the victim cricket club’s clients. The surfaced files included clients’ photos and UAE IDs.
A PII Database For Customers of a Gambling Company from Ukraine For Sale
On May 25, 2021, a vendor posted a thread claiming to sell a customer database of a gambling company from Ukraine on a dark web forum tracked by SOCRadar. According to the dark web post, the database contains personally identifiable information (PII) belonging to more than 100 thousand users of the victim gambling company. Moreover, the vendor claimed to have card numbers, emails and phone numbers in the surfaced database.
Customer Database of a Mobile Application from Spain On Sale On the Dark Web
On May 26, 2021, the alleged sale of a customer database belonging to a Spanish mobile application firm was detected on a dark web forum monitored by SOCRadar. While the vendor did not detail how the database was obtained, they stated that almost 20 thousand unique profiles are available, with users’ PII such as full names, mobile phone numbers, addresses and ID numbers. Furthermore, the vendor claimed to be sharing the victim users’ passwords, which can be used for credential stuffing attacks.
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, which is time-consuming as well as challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.