The Week in Dark Web – 24 October 2022 – Access Sales and Data Leaks
Powered by DarkMirror™
Threat actors continued to sell databases and access to organizations’ systems on hacker forums last week. Check out the latest dark web summary and see what’s happening on the dark side.
Phone Database of China is on Sale
On 20 October 2022, a threat actor posted a database sale on a hacker forum that SOCRadar regularly monitors. The database contains 104.92 million lines of data, where each line consists of a name, phone, and subscription ID number. The vendor does not elaborate on the sale and directs interested parties to a Telegram account to discuss it.
Governmental Database of Taiwan Leaked
On 21 October, a post about a database leak from the Dept. of Household Registration of Taiwan was shared on a hacker forum monitored by SOCRadar analysts. The threat actor claims that the database includes 23+ million people, the total Taiwanese population. The database includes Personally Identifiable Information (PII) of Taiwanese citizens.
Unauthorized Admin Access Sale for a French Company
On 17 October 2022, SOCRadar detected a new alleged unauthorized network access sale on a hacker forum for a company that operates in France. The vendor claims that the company has a revenue of $10 billion and sells the access for $1500.
Sensitive Documents of a Paper Factory in Ukraine Leaked
On 19 October, SOCRadar noticed that alleged sensitive documents of a paper factory in Ukraine were leaked. The leak consists of critical operational information, numbers, and personally identifiable information (PII). The vendor elaborates on the operations of the factory, which is located in Kharkiv Oblast. The threat actor also claims that the factory has been helping the Ukrainian Armed Forces to transport wounded soldiers since 2014.
Database of a Popular Russian CRM Software is on Sale
On 19 October, SOCRadar noticed that an alleged database of a Russian CRM software was leaked. The leak consists of 20GB of information that includes multiple sub-databases and scripts of the companies that purchased and used the software between 2014 and 2022. The leak has 4 million lines. The threat actor is asking $6000 and claims they would donate some part of the money to the Ukrainian Armed Forces.
Database of Russian ESIA is on Sale
On 18 October, SOCRadar noticed that a new post about an alleged Russian Unified Identification and Authentication System (ESIA) database was shared. The leak consists of 2.5 million Russian citizens’ personal information. The vendor explains ESIA in the post and then starts the auction for the database at $15,000. They also claim that some of the money paid would be donated to the Ukrainian Armed Forces.
Multiple RDP and VPN Access Sales Detected
SOCRadar detected a new alleged unauthorized network access sale post on a hacker forum on 18 October 2022. The vendor shares 13 unauthorized network accesses in the post. Each access is on sale separately and is listed with country and industry information. The access type and the security system that was bypassed are also shared in the post. Prices range from $60 to $250.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible: it is time-consuming and challenging, and a single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.