Powered by DarkMirror™
This week’s edition covers the latest dark web news from the past week. Ransomware attacks, company database theft, and personal data theft are on the rise and made the headlines this week. Here are the details of the major events that took place on the deep web this week:
The New Ransomware Victim of Avaddon
On April 24, 2021, SOCRadar detected a post on the Avaddon ransomware group's website allegedly announcing a ransomware attack targeting a company in the government industry in Brazil. The Parana-based company has a revenue of over $737 thousand. The ransomware group threatened that, if the company did not cooperate, it would leak banking data, licenses, certificates, agreements, contracts and similar sensitive information belonging to the company. The victim organization was also threatened with a DDoS attack.
A Database for 40 Thousand Students of a University in Indonesia On Sale
On April 26, 2021, a vendor attempted to share a database allegedly including students’ sensitive information on a dark web forum tracked by SOCRadar. The victim university is a state university with around 25 thousand students and 650 academic staff. According to the dark web post, the database comprised over 2 million lines and 40 thousand emails.
Citrix Access Sale for an Investment Company from UAE Detected on the Dark Web
On April 26, 2021, a dark web vendor attempted to sell Citrix access for an investment company from UAE on a hacker forum monitored by SOCRadar. Citrix is a gateway with customers worldwide, providing companies with continuous remote access to their applications. According to the post, the victim company, which has revenue of millions of dollars, was established to develop the healthcare industry. The vendor offered to sell Citrix access starting from $1000.
Backend Log Database of a Supermarket Chain from Chile For Sale on the Dark Web
On April 27, 2021, a vendor posted a thread claiming to sell a backend log database of a supermarket chain from Chile on a dark web forum tracked by SOCRadar. According to the post and shared sample, the database contains full names and ID numbers. Other information in the leaked dump includes Personally Identifiable Information (PII). The vendor also stated that there is around 125 MB of data in CSV format.
Virtual Private Network Access Sale for a Telecommunication Company from Malaysia
On April 28, 2021, a vendor attempted to sell VPN access for a telecommunication firm from Malaysia on a dark web forum monitored by SOCRadar. The Kuala Lumpur-headquartered victim organization is one of the largest telecommunication firms, with over 23 thousand employees and a revenue of $3 billion. According to the dark web post, there are over a thousand computers in the virtual private network, and the buyer could reach these computers through this access.
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, which is time-consuming as well as challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.