Weekly Darkweb in March W5
2025.04.02
☑️ Weekly Darkweb - March Week 5, 2025
🔍 Global Software Firm ‘O’ Suffers Massive Data Exposure on Dark Web
• On March 20th, it was identified that 6 million customer records from global software company ‘O’ were being leaked on the Dark Web hacking forum ‘BreachForums.’
• Forum user 'rose87168' claimed that the hack on the victim’s cloud login server also resulted in the theft of Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) information.
• According to the post, the threat actor has already notified the victim of the compromise and is demanding a certain level of “negotiation” within 72 hours.
→ Typically, once SSO or LDAP information falls into the hands of threat actors, it may cause lateral damage such as ransomware attacks, reputational harm, and supply chain attacks on partner companies.
🔍 Taiwan Faces Escalating Threats from Hacktivism and Ransomware Gangs
• On March 19th, the Russian hacktivist group ‘NoName057(16)’ allegedly launched DDoS attacks targeting 10 local prosecutors' offices in Taiwan.
• Although the group’s Telegram channel is currently inaccessible due to a takedown, S2W’s analysis revealed that the group has created a new channel to continue their operations.
• On the 25th, the Taiwan branch of a global fitness company ‘J’ was attacked by the ransomware gang ‘Crazyhunter,’ leading to the exfiltration of 3TB of customer and sensitive corporate data.
• Last month, ‘Crazyhunter’ attacked hospitals in Taiwan and sold the personal data of approximately 16 million individuals, including medical records, on the Dark Web hacking forum.
🔍 Admin Access to Middle East International Airline for Sale on Dark Web
• On March 26, a post was uploaded on the Russian hacking forum ‘XSS’ offering admin system access to a Middle East international airline for USD 5,000.
• The seller ‘budda12’ claimed that the access includes sensitive information such as domain administrator’s login credentials and Fortinet network configuration reports. In January, a large-scale leak of Fortinet credentials occurred on the Dark Web.
• Based on S2W’s user profiling tool ‘DarkSpider,’ the seller is identified as an Initial Access Broker (IAB), primarily targeting private sector companies.
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.
* The full report is available upon request and for XARVIS subscribers.