DDW Weekly Highlights in December W3
2024.12.26
☑️ S2W DDW Weekly Highlights in December W3
🔍 Laptop Hardware Copy owned by Hunter Biden, disseminated on Dark web
• On the 18th, a post sharing a torrent containing a copy of the laptop hardware belonging to Hunter Biden, the son of US President Joe Biden, was posted on BreachForums.
• User ‘WHOISTHAT’ claimed to have secured approximately 372GB of data from X (formerly Twitter), stating that only him and a group known as 'DDoS Secrets' possess this data (ownership link included in the post), emphasizing the rarity of the data.
• The link attached by the user contains detailed descriptions of how Hunter Biden's laptop was leaked.
• S2W's 'Dark Spider' indicates WHOISTHAT has been posting weapon manufacturing techniques and classified US and Israeli documents on BreachForums since August.
🔍 Access to Malaysian Energy Company’s 12 Virtual Machine on Sale
• On the 15th, user 'Corp' posted an account for sale that grants access to the internal systems (VM) of a major Malaysian energy company (Sale price: $10,000) on BreachForums.
• Accessing the internal system through this account poses a risk of paralyzing the energy company’s system and halting factory or pipeline operations, similar to the 2021 *U.S. Colonial Pipeline ransomware incident.
(* U.S Colonial Pipeline: In May 2021, the largest U.S. fuel pipeline, Colonial Pipeline, was hit by a ransomware attack from 'DarkSide.' This led to significant shortages of gasoline/diesel on the East Coast and had a major impact on the entire economy. The victim company eventually agreed to pay the ransomware group $4.4 million.)
🔍 Confidential data from Cis**, allegedly leaked on Dark web hacking forum
• On the 16th, well-known threat actor IntelBroker announced a partial data leak of global cybersecurity company Cis** on X and posted it for sale on BreachForums.
• Previously in October, IntelBroker, along with other threat actors, stole 4.5TB of data from Cis**, including source code and sensitive information, which was sold. Now on the 16th, 2.9GB of data containing product-related information is on sale.
• IntelBroker has claimed to target entities including global big tech firms and government agencies like the Korean Ministry of Defense, and has been actively managing BreachForums since acquiring it from the previous owner in August.
If you want to read more, follow the newsletter as below and visit S2W Inc. website to contact us.
* The full report is available upon request and for XARVIS subscribers.
Attachments
Threat Analysis Brief Reports
Analysis of Malware Disguised as Exploiting Domestic Social Issues
2024.12.20
Previous
Threat Intelligence Reports
Ransomware Group Profiling: Underground
2024.12.27
Next