The Week in Dark Web – 28 November 2022 – Data Leaks & Sales
Powered by DarkMirror™
The SOCRadar research team found mostly database sales and data leaks in this week’s Dark Web Weekly.
Here are the highlights of what happened on the dark web last week.
Find out if your data has been exposed on the deep web.
Sensitive Data of Judiciary & Governmental Organizations of UAE are on Sale
On 22 November, SOCRadar noticed that threat actors posted sensitive documents belonging to UAE governmental and judiciary documents for sale on a hacker forum. The vendor states in the post that documents will only be sold to two different customers at most since documents are highly valued. Then, the vendor continued with conditions of the sale, such as escrow (middleman) service, accepted payment method, and contact information.
Qatari Civil Aviation Data for Sale
On 22 November 2022, an announcement was posted in a Telegram channel that the SOCRadar Dark Web Team monitors. The sale is about data from the Qatari Civil Aviation Authority allegedly obtained, which has an official gov[.]qa extension.
Database of 188 million Pakistani People’s Phones is for Sale
On 22 November 2022, SOCRadar Dark Web Researchers found a Database sale that included 188 million Pakistani Citizens’ personally identifiable information (PII). Those are phone numbers, names, and addresses. The vendor also shares 3 million lines of information to sample the database. Considering Pakistan has a population of 244~million people, a database of 188 million comprises 77% of the total population.
A Database Request for Pakistani National Database and Registration Authority
On 20 November, a Telegram channel monitored by SOCRadar witnessed an interesting conversation. In the channel, one user explicitly stated that they needed the National Database and Registration Authority (NADRA) database. Due to anonymity, Telegram channels play a crucial role in Dark Market Sales. Database requests that directly address organizations are one of the uses of these channels, among many others.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.