The Week in Dark Web – 24 January 2023 – Access Sales and Data Leaks
Powered by DarkMirror™
Database and unauthorized access sales allow threat actors to spread cybercrime to a broader base. Attackers who lack the ability to obtain a database themselves can purchase personal information from other threat actors and use it in social engineering campaigns. An access purchase, in turn, can make conditions ripe for ransomware.
The global threat landscape now appears as a network of cybercriminals who have professionalized in specific areas.
Check out some of the posts we observed on the dark web over the past week.
Sensitive Data of Samsung Group is for Sale
On 17 January, the SOCRadar Dark Web team detected a post advertising the sale of data allegedly belonging to Samsung Group. In the post, the threat actors claim that Samsung Group’s business data files in France, Samsung’s internal MFA flow chart, Samsung Group’s internal demonstration video, the necessary procedures for Samsung’s internal system login, Samsung’s intranet system employee access credentials, and all Samsung employee credentials have been stolen and can be bought by contacting the vendor via direct message.
Unauthorized Access Sale for an American Coffee Company
On 16 January, SOCRadar found an unauthorized access sale for an American coffee company on a hacker forum. The sale includes access to 6 restaurants connected to the chain and the implementation of access. The price is 1 BTC, which is surprisingly above the average market value for such access sales.
Patched Exploits Are Shared for Cacti
On 16 January, SOCRadar detected a post that shares information about patched exploits in Cacti that are still effective against versions below 1.2.22. The effects of the mentioned vulnerabilities range from authentication bypass and command injection to input validation flaws, and would allow an unauthenticated user to execute arbitrary code.
Database of Chinese Citizens for Sale
On 16 January, a SOCRadar dark web researcher found a post selling Chinese citizens’ data, which is claimed to have been obtained from a point of sale in China. The database contains 4.3 million Chinese citizens’ data consisting of personally identifiable information (PII).
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it can be time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.