ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb: March 2026, Week 1
2026.03.11

☑️ Weekly Darkweb – March Week 1, 2026



🔍 Iran-Linked Hacktivist Group ‘Handala’ Targets Israel and the Middle East


• On March 3, the Iran-linked hacktivist group ‘Handala’ claimed to have carried out cyberattacks targeting major energy companies in the Middle East and an Israeli policy research institute.


  ✓ A post claiming an attack on UAE state-owned energy company S was identified. The threat actor claimed to have exfiltrated 1.3TB of internal data and uploaded images as proof, including an energy infrastructure asset list and a signed integrity pledge detailing pipeline information.


  ✓ An alleged attack on A, the world’s largest Saudi state-owned oil and gas company, was identified. The threat actor claimed to have disrupted A’s infrastructure and oil production processes, attaching images as proof, including process flow diagrams, engineering designs and project documents.


  ✓ A message claiming an attack on the Institute for National Security Studies (INSS) in Israel was uploaded to the Telegram channel ‘Handala Team’. The threat actor claimed to have obtained confidential documents and hacked INSS’s LinkedIn page, posting related images.


→ ‘Handala,’ tied to the Ministry of Intelligence (MOIS), emerged after the 2023 Israel-Hamas war and targets Israeli government entities and critical infrastructure.



🔍 Sensitive Data of Palestinian Authority Security Forces Found on Dark Web


• On February 28, a post offering to sell confidential information related to the Palestinian Authority’s National Security Forces was identified on the dark web hacking forum ‘BreachForums’.


• The forum user ‘CVDEAD’ claimed to have infiltrated Palestinian Authority servers and gained full administrative control over the C2 infrastructure.


  ✓ Compromised Data: Full API keys and administrative access privileges, SSL certificates, confidential file backups, detailed security operation records, email DBs, and administrative/employee accounts.


• The seller also announced plans to release information related to the Palestinian Authority’s integrated situation management platform and posted a platform screenshot as proof.



🔍 Personal Data of Taiwan Minor Party ‘N’ Leaked on Dark Web


• On March 4, a post distributing personal data linked to Taiwan’s minor political party ‘N’ was uploaded to the dark web hacking forum ‘BreachForums’.


  ✓ Party ‘N’: A third party in Taiwan founded in 2015, rooted in the student movement.


• The forum user ‘lulzintel’ claimed that more than 33,000 member records were leaked following a breach of the party’s website earlier this month. As proof, the user released sample data containing names, phone numbers, addresses, and occupations.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20260308_EN.pdf
Product
CVSS, EPSS, and TALON SCORE: How to Prioritize Vulnerabilities?
2026.03.05
Previous
Threat Intelligence Reports
2025 H2 Ransomware Trends Report
2026.03.11
Next
List