DDW Weekly Highlights in April W3
2024.04.25
☑️ S2W DDW Weekly Highlights in April W3
⚠️ A Washington DC government agency faced data leakage via a ransomware attack, exposing data after failed negotiations
• On April 19th, the ransomware gang LOCKBIT, active on the dark web, announced the leak of 800GB of internal data from Washington DC government agencies.
• They disclosed ongoing negotiations but expressed dissatisfaction with progress, sharing samples totaling about 1GB, including internal documents and stock exchange data.
• These samples include various document visuals.
⚠️ A Russian dark web hacking forum advertised a job for experts in search keywords related to domestic portal sites
• A recent posting on the Russian dark web hacking forum 'Exploit' was observed, seeking SEO (Search Engine Optimization) experts for a well-known domestic portal site.
• Such postings seeking SEO experts for domestic portal sites or inquiring about SEO methods are periodically discovered.
• Although the background for hiring SEO experts is not explained, threat actors are commonly known to exploit SEO to manipulate search rankings or expose links to their malicious code at the top.
⚠️ Access permissions to Israel's government internal networks were up for sale amidst a rise in related posts amid shifting international politics
• On April 16th, a BreachForums posting advertised Israeli government agency network access for sale at around 1 million Korean won.
• This includes access to over 10 agencies, including the Ministry of Foreign Affairs and intelligence agencies.
• Such postings reflect a worrying trend, possibly linked to current international affairs.
If you want to read more, follow our newsletter or contact us as below.
Attachments
News Highlights
DDW Weekly Highlights in April W2
2024.04.18
Previous
Intelligence Blogs
Incident Analysis - Cyberwar: Israel – Iran (April 2024)
2024.04.30
Next