The Week in Dark Web – 7 May 2021 – The Business of Hacking

May 7, 2021
Powered by DarkMirror™

This week’s edition covers the latest dark web news from the past week. Ransomware attacks, company database theft, and the theft of personal data are on the rise and made headlines this week. Here are the details of the major events that took place on the deep web this week:

Customer Databases of Telecommunication Companies From Brazil For Sale On the Dark Web

On May 3, 2021, on a dark web forum monitored by SOCRadar, a vendor put up for sale customer databases allegedly belonging to the top three mobile phone operators in Brazil. The first organization is allegedly the largest telecommunications company in Brazil and provides mobile telecommunication services with 34 thousand employees. The second victim is a cellular phone provider with over 65 million customers in Brazil. The third company also provides telecommunication solutions, but it is the Brazilian subsidiary of a different organization from Italy. According to the dark web post, there are three different databases containing personally identifiable information (PII) of these companies’ customers, and the total compressed size of these databases is 10.2 GB. Moreover, the shared samples clearly show that the surfaced details include the full names, addresses and phone numbers of almost 170 million people, and according to the SOCRadar Analyst, these phone numbers can be targeted by phishing and social engineering attacks.

A Database Sale Detected For Mexican Brand of an International Organization

On May 7, 2021, on a dark web forum monitored by SOCRadar, a database allegedly belonging to an international organization was put up for sale. The victim organization provides homeland security intelligence to countries, and according to the dark web post, the database contains sensitive electoral information about the Mexican brand. While the vendor did not detail the database, they stated that there are 30 thousand unique files available with individuals’ ID cards.

An Indonesian FinTech Startup’s Database For Sale On the Dark Web

On May 5, 2021, on a dark web forum monitored by SOCRadar, a vendor attempted to sell a database allegedly belonging to an Indonesian FinTech startup. While there is no detail about the victim startup, there were over 40 thousand files including ID cards, selfies, credit and debit cards, and passports. Moreover, the vendor stated that the dumped data was obtained from the startup in 2017 and 2019.

A Database Containing UAE Citizens’ Information For Sale

On May 4, 2021, on a dark web forum monitored by SOCRadar, a dark web vendor offered to sell a database containing sensitive information belonging to UAE citizens. There is no information about how the vendor obtained the database. However, according to the vendor’s claim, the database comprises 850 files including ID cards, passports and resumes.

A Database for Saudi Insurance Broker Company Dumped On the Dark Web

On May 3, 2021, a customer database allegedly belonging to an insurance company from Saudi Arabia was put up for sale on a dark web forum monitored by SOCRadar. According to the dark web post, the vendor seized the database from the main server of the victim insurance broker company, whose customers range from international banks operating in Saudi Arabia to different medical institutions. The vendor, who is selling all data of 30 clients of the broker organization, detailed the database and stated that it contains contracts, medical documents, driver’s licenses and various personally identifiable information (PII).



Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, it is simply not feasible to monitor all sources, which can be time-consuming as well as challenging. One mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by targeted country or industry.