☑️ Weekly Darkweb – February Week 4, 2026

🔍 China’s Largest State-Owned Automaker Targeted by Beast Ransomware Gang

• On January 24, approximately 700GB of internal data belonging to China’s largest state-owned automaker, S company, was targeted by the Beast ransomware gang.

✓ S Company is listed on the Shanghai Stock Exchange and reported annual revenue of approximately $87.2 billion in 2024.

• The ransomware gang set February 27 as the negotiation deadline and uploaded images containing evidence of the attack, including project folder lists, investment budget files, project proposal reports, vehicle model master plans, system performance report lists and system design documents.

🔍 France-Based Global Insurance Internal DB for Sale on Dark Web

• On January 21, a post offering the internal database of France-based global insurance company A for sale was uploaded to the dark web hacking forum ‘BreachForums’.

✓ Company A is a France-based multinational insurance and financial group, with annual revenue confirmed at approximately €116 billion in 2025.

• The forum user claimed to have stolen approximately 214MB of data containing personal information, including email addresses, passwords and personally identifiable information (PII). The user claimed the data was directly obtained and published portions of detailed insurance contract records as proof.

• The seller, identified as ‘breach3d,’ is believed to be a co-owner of BreachForums and previously posted data leak listings in January involving Brazil’s Ministry of Culture and regional government entity.

🔍 Indonesia’s Paramilitary Organization Pemuda Pancasila Internal Data Offered for Sale on Dark Web

• On January 26, a post offering internal data belonging to Indonesia’s paramilitary organization Pemuda Pancasila was uploaded to the dark web hacking forum ‘BreachForums’.

✓ Pemuda Pancasila: Founded in 1959, it is a large paramilitary organization widely described as a nationalist group with close ties to political and business elites.

• The seller claimed that 600,000 member records and 15.4GB of internal data from Pemuda Pancasila were leaked in January and attached four member profiles and ID card images as proof.

→ Compromised data: Email addresses, phone numbers, identification numbers, names, addresses, profile images and ID card photos.

👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.

Subscribe on LinkedIn

This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

Attachments

[S2W] Weekly Darkweb_20260301_EN.pdf

Threat Intelligence Reports

VoidLink: Sophisticated Linux Malware Built by AI

2026.02.25

Threat Intelligence Reports

Threat Group Profiling: RipperSec

2026.03.05

List

File download request

This is a consent popup for collecting personal information in order to send you an attachment of S2W's Resource. Please enter the following items and submit, and the attachment will be sent to the email you provided. All information you provide will be subject to S2W's privacy policy.

Name *

Email *

Contact number *

Company / Institute name *

How did you find us?*

Agree to all

[Required] Terms of Service View all

[Required] Collection and Use of Personal Information View all

[Optional] Collection and Use of Information for Marketing Purposes

Collected items: Required : Name, Country, Company/Institute Name,Job Title, Email, Contact Number
Purpose of use: For online/offline marketing and advertising purpose Name, Job Title, Email, Contact Number; Delivery of product brochures, newsletters, event information, etc.
Retention period: Until consent for marketing use is withdrawn.