Weekly Darkweb: January 2026, Week 2
2026.01.21

☑️ Weekly Darkweb – January Week 2



🔍 Japanese Automaker N Reportedly Targeted by Everest Ransomware Gang


• On January 10, Japanese global automaker N was listed as a victim on the Everest ransomware gang’s leak site.


  ✓ Automaker N operates production and sales networks worldwide and reported annual revenue of about $80 billion in fiscal year 2024.


• The threat actors claimed to have stolen about 900 GB of data from N and posted six sample images, including a file list and portions of a dealer management Excel file, as evidence.


• The threat actors stated that they would release the full dataset if a negotiated agreement is not reached by January 18.



🔍 Customer Data From Taiwan Financial Firms Offered for Sale on Dark Web


• Two financial firms in Taiwan had customer data listed for sale on the dark web hacking forum ‘DarkForums’ by a threat actor known as ‘Solonik.’


• (01/08) A post offering 380,000 customer records from Taiwan-based financial firm K was identified. The threat actor claimed to have obtained asset management and investment profiles and uploaded personal and financial information as evidence.


• (01/08) A post offering for sale 2.15 million customer records from the Taiwan unit of global investment firm F was identified. The threat actor claimed to have obtained investment funds and portfolio planning data and uploaded personal and financial information as evidence.


→ According to S2W’s user profiling tool, ‘Solonik’ has been active on DarkForums since Jan. 7 and posted more than 100 data sale listings within a week. The threat actor also uploaded sample files through a self-operated Telegram channel, ‘Solonik Files | BF & DF.’



🔍 U.S.-based Computer Equipment Manufacturer D Data Posted on Dark Web


• On January 12, U.S. computer equipment manufacturer D’s database was identified on the dark web hacking forum ‘BreachForums.’


  ✓ D is a multinational information technology company that designs and sells PCs, servers, data storage systems and network switches.


• The data was shared as an SQL dump containing more than 5,000 records, including employee email addresses, IP addresses, VPN and GitLab access URLs, and social media integration details. A separate ‘combo list’ containing username-and-password combinations was also provided.


  ✓ The disclosure of the combo list could lead to credential-stuffing attacks, so heightened caution is warranted.



This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

