ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb: January 2026, Week 3
2026.01.28

☑️ Weekly Darkweb – January Week 3, 2026



🔍 Taiwanese Major Technology Firms Targeted by Ransomware Attacks


• On January 19 and 20, major Taiwanese manufacturing and technology firms were identified on the leak sites of Everest, Qilin, WorldLeaks, and The Gentlemen ransomware gangs.


• [Everest] On the 19, Taiwanese computer server hardware company A, engineering company G, and construction component manufacturer W were posted on the Everest gang's leak site. Notably, the gang claimed to have stolen 509GB of sensitive data from company A, including firmware and BIOS (computer basic programs), uploading six sample images.


• [WorldLeaks/Qilin] On the 20th, Taiwanese electronics company M was listed on the WorldLeaks ransomware gang's leak site. On the 19th, Taiwanese fashion brand Y was uploaded to the Qilin ransomware gang's leak site. In both cases, no details were disclosed.


• [The Gentlemen] On the 20th, Taiwanese tool distributor P was added to the victim list on The Gentlemen ransomware gang's leak site, though no related sample files were disclosed.



🔍 U.S. Military Airfields Sensitive Information Leaked on Dark Web


• On January 18, detailed information related to U.S. military airfields was identified on the dark web hacking forum “DarkForums.”


• Forum user ‘Solonik’ claimed to have exfiltrated data on 23 airfields, including facility names, coordinates, elevation, location details, and Federal Aviation Administration (FAA) identifiers, releasing the dataset as samples. The samples include names of U.S. Air Force, Marine Corps, and Army airfields.


• According to cybercrime investigatioan solution XARVIS, ‘Solonik’ is distributing the data not only on the hacking forum but also via a privately operated Telegram channel.


✓ On the same day, ‘Solonik’ also posted customer data of a major Iranian telecommunications company and data related to the Iran National Standards Organization on the Telegram channel.



🔍 Personal Information Linked to North Korean Individuals Leaked on Dark Web


• On January 20, personal information linked to North Korean Individuals was identified on the dark web hacking forum ‘DarkForums’.


• Forum user ‘CY8ER_N4TI0N’ released a sample TXT file (18KB). The file contained personal data of approximately 40 individuals, including names, birthplaces, occupations, and accident histories, written in Indonesian.


• According to S2W's user profiling tool, ‘CY8ER_N4TI0N’ has since been continuously distributing data since joining hacking forums in January, including details on the Indonesian National Police, the National Assembly, taxpayer identification numbers, and universities.

 


👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20260125_EN.pdf
Threat Intelligence Reports
React2Shell Vulnerability Analysis: CVE-2025-55182
2026.01.27
Previous
News Highlights
Weekly Darkweb: January 2026, Week 4
2026.02.04
Next
List