SOCRadar® Cyber Intelligence Inc. | The Week in Dark Web – 29 November 2021 – Access Sales and Data Leaks


Nov 29, 2021

Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Once again, a rise in ransomware attacks, database thefts, and stolen customer data made the headlines.

The New Ransomware Victim of LockBit 2.0

On November 27, SOCRadar detected a post on the LockBit 2.0 ransomware group's website allegedly announcing a ransomware attack against an IT firm that provides solutions for financial institutions. The victim, a Mexican corporation with over $22 million in revenue, is engaged in financial processes for credit, leasing and intelligent management of digital documents.

The group behind the attack, known as LockBit 2.0, is also responsible for the ransomware attack on Accenture, and the victim firm was tied up in $50 million. The gang threatened to leak banking data, licenses, certificates, agreements, contracts, and similar sensitive information belonging to the victim organization if it did not cooperate.

Customer Database of An E-commerce Firm Leaked On The Dark Web

On November 25, on a dark web forum monitored by SOCRadar, a vendor claimed to have databases allegedly belonging to an e-commerce company. The vendor did not give any details about the victim company. However, according to the sample, the breached database contains PayPal account information along with various personally identifiable information (PII) of thousands of customers. The vendor started the auction for the database at $2500.

Unauthorized Access Sale Detected For A Company From Singapore On The Dark Web

On November 26, on a dark web forum monitored by SOCRadar, a vendor offered to sell unauthorized RDP access allegedly belonging to a company from Singapore. While the vendor did not give the firm’s name, the post states that the victim company is engaged in business services and has a revenue of $125 million with 660 employees.

New Fraud Pack with Methods Shared On The Dark Web

On November 26, on a dark web forum tracked by SOCRadar, a vendor shared a post offering a new fraud pack for PayPal and banking accounts. According to the vendor’s post, the fraud pack contains methods for PayPal fraud, tools for these videos and hacking videos showing how the tools could be used. According to the SOCRadar analyst team, once threat actors start using these methods, severe fraud incidents could result.

Unauthorized Network Access Sale Detected For An Oil Pipeline Firm from Brazil On The Dark Web

On November 26, a dark web vendor attempted to sell unauthorized network access to a Brazilian oil pipeline firm on a dark web forum tracked by SOCRadar. According to the post, the buyer would have web shell access to the firm’s corporate web systems and servers. The vendor also stated that the victim firm has been in existence since the 1900s and put the network access on sale for $1.2 thousand.

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is time-consuming and challenging, and it is simply not feasible. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.