SOCRadar® Cyber Intelligence Inc. | The Week in Dark Web – 24 January 2022 – Ransomware Attacks and Data Leaks


Jan 24, 2022

Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Once again, ransomware attacks, database thefts, and stolen customer data made the headlines.


A New Victim of The Notorious Ransomware Group Lockbit 2.0

On January 19, the notorious ransomware group Lockbit 2.0 announced an attack targeting a business strategy firm from Spain on its ransomware site, which is monitored by SOCRadar. The victim firm provides consulting and technology solutions to manage customer and employee experiences, and has a revenue of $71 million. The ransomware group claimed to publish sensitive files belonging to the victim organisation.

Unauthorised AWS Access Sale Detected For a Telecommunication Firm Operating in The USA

On January 17, on a dark web forum monitored by SOCRadar, a dark web vendor attempted to sell unauthorised AWS access for a telecommunication firm that operates in the USA. The vendor stated that the victim corporation, headquartered in Mexico, has more than 14 thousand employees and a revenue of over $10 million. Its US and Mexico websites, with their 120 subdomains, draw internet traffic of 6 million a month. The vendor claimed to have hacked 300 servers and said the buyer would have permissions on different AWS services.

Credential Database of An Indian Fashion Retailer Put For Sale On The Dark Web

On January 23, SOCRadar detected a post allegedly attempting to sell a credential database belonging to a fashion retailer from India. The victim firm is one of the largest retail companies, with a revenue of more than $700 million. According to the underground market post, the database includes over 3 million users’ emails and passwords. Also, the vendor stated the buyer could purchase just an email for $10.

New Recruitment Post Detected for Extracting Data From Various Chinese Websites

On January 23, a recruitment post was published on a dark web forum tracked by SOCRadar. The recruiter was looking for a hacker proficient in extracting data from various Chinese websites. The recruiter also stated that they wanted continued access in order to dump the data daily. According to the post, the hacker eligible for the job would be rewarded with $100 thousand.

A Laboratory Firm from France Hit by Hiveleaks Ransomware

On January 20, a post allegedly announcing an attack on a laboratory firm from France was detected on the Hiveleaks ransomware group site tracked by SOCRadar. Founded in 1971, the victim group develops hygiene and care products for the medical and hospital world and the whole family. The ransomware group also stated that the attack was performed before the end of July, and that corporate information was encrypted on July 26, 2021.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, which is time-consuming as well as challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.