The Week in Dark Web – 31 October 2022 – Data Leaks and Access Sales
Powered by DarkMirror™
Threat actors continued to sell databases and access to organizations’ systems on hacker forums last week. Check out the latest dark web summary and see what’s happening on the dark side.
Database of Taiwan Military Service is for Sale
On 25 October, a notice offering an alleged new database belonging to Taiwan Military Service for sale was published in a hacker forum. The threat actor claims that the database has all the military personnel information, including the reserve troops. The vendor adds that the leak contains information taken from ris[.]gov[.]tw, which is the e-government portal of Taiwan. A SOCRadar Dark Web Researcher noted that both the source of the leak and the vendor are the same as in the previous data leaks originating from ris[.]gov[.]tw.
Russian Police Database is Leaked
On 25 October, SOCRadar Dark Web Researchers found a new leaked database on the dark web. The database contains the Russian Traffic Police Department's records between 2019 and 2022. No additional information is stated, so it is not clear whether this is an act of hacktivism or not.
Source Code of VAPA is for Sale
SOCRadar detected a source code leak of Amazon's VAPA AI-driven ad service in a hacker forum on 26 October 2022. VAPA is Amazon's AI-driven advertising tool for Amazon Business. The vendor claims that the leaked source code is that of Amazon's only PPC tool and is selling it for $9000.
Iran Atomic Energy Organization’s Database is Leaked
In a hacker forum monitored by the SOCRadar Dark Web team, a database containing sensitive information about the Iranian Atomic Energy Organization (AEOI) has been leaked. The headline of the post highlights that Black Reward stole the leaked database. The post also includes a website that shares the news about the information. The data breach possibly occurred due to the recent counter-hacktivism operation after the police brutality incidents during the Mahsa Amini protests.
Unauthorized Access Sale for an American Shopping Website
SOCRadar researchers have found a post on a dark web forum offering unauthorized shell access to an American shopping website for sale. The threat actor is auctioning the access until 3 November and adds that the website can access an average of 45-50 credit card credentials daily.
Qatari Citizens' Database is on Sale
On 24 October 2022, an announcement was posted in a hacker forum that the SOCRadar Dark Web Team monitors. The post is about the sale of a database belonging to Qatari citizens. The vendor claims that the database has 1.5 million lines of information, and each line has personally identifiable information (PII), banking information, and address information. The leak is significant since Qatar is preparing to host the next FIFA World Cup in a few weeks.
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, and it can be time-consuming and challenging. One mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar's DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.