SOCRadar® Cyber Intelligence Inc. | The Week in Dark Web – 6 December 2021 – Access Sales and Data Leaks


Dec 06, 2021


Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Once again, ransomware attacks, database thefts, and stolen customer data made the headlines.


Unauthorized Network Access Sale Detected For An Australian Shop On The Dark Web

On December 5, a dark web vendor offered to sell unauthorized network access for an Australian firm on a dark web forum monitored by SOCRadar. According to the dark web post, the buyer would have unauthorized network access to the firm’s web corporate systems and servers. The vendor also stated that the victim platform has an additional payment method, to which the buyer would have access.

The New Ransomware Victim of Grief

On December 5, SOCRadar detected a post on the Grief ransomware group website allegedly announcing a ransomware attack that targeted a firm from France. Established in Villetelle, the victim corporation specializes in the wholesale trade of other household goods and has a revenue of more than $12 million. Grief, the ransomware gang behind the attack, is tied to Russia and is also responsible for last month’s National Rifle Association (NRA) ransomware attack.

Database of An Online Distribution Platform Leaked On The Dark Web

On November 30, a vendor on a dark web forum monitored by SOCRadar claimed to have databases allegedly belonging to an online distribution platform from the US. The Pennsylvania-based victim site focuses on hip-hop, urban and rap music. The platform was founded in the spring of 2005 and has more than 15 million users. According to the dark web post, the breached database contains personally identifiable information (PII) of millions of users. The vendor also shared a sample showing a part of the database and stated that 99% of the database is decrypted.

Unauthorized Network Access For A Tech Company From Brazil Put On Sale

On December 5, on a dark web forum tracked by SOCRadar, a vendor attempted to sell unauthorized access allegedly to a technology company from Brazil. While the dark web vendor did not give the name of the victim firm, it is claimed that its revenue is over $10 million. The buyer would have RDP access and the ability to manage access and permissions based on both the endpoint device and the user. Further, the dark web vendor auctioned the access, setting a starting price of $100.

Databases Containing PII Belonging to The Customers of a Bulgarian Company Leaked On The Dark Web

On November 13, a vendor attempted to share a database allegedly containing personally identifiable information (PII) belonging to the customers of a Bulgarian firm on a dark web forum tracked by SOCRadar. According to the dark web post, the surfaced details include full names, emails, addresses and various other personally identifiable information (PII). While it is unclear how the vendor obtained the database, the dark web vendor stated that it holds information belonging to more than 14 thousand customers.


Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, which can be time-consuming as well as challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.