Weekly Darkweb in April W2
2025.04.16
☑️ Weekly Darkweb – April Week 2, 2025
🔍 Royal Saudi Air Force Data Breach Linked to KillSec Ransomware Gang
• On April 2, internal data from the Royal Saudi Air Force (RSAF) was identified on a dark web blog operated by the KillSec ransomware gang.
• The ransomware gang has already leaked 10% of the compromised data and warned that the full dataset will be released if no agreement is reached in negotiations by April 14.
• They have also disclosed a separate URL for verifying the sample data. The disclosed sample consists of 12 images, including base layouts, technical manuals, and fighter jet reports. The leaked 10% of data is currently accessible through the published link.
🔍 Japanese Aviation Service Company K’s Network Access Being Sold by Professional Initial Access Broker
• On April 3, a threat actor named ‘ALPHA-WMR’ posted on the dark web hacking forum ‘Exploit,’ offering internal system access to Japanese airport ground service company ‘K’ for sale at a price of $5,100.
• The threat actor stated that the sale includes access to the company’s entire network, as well as admin rights for Fortinet, FTP, and SSH, asserting that these credentials enable the editing of all employee information.
✓ FTP administrator access: Highest-level privileges for the file transfer protocol server, allowing full control of the server if compromised.
• According to S2W’s dark web monitoring solution, ‘ALPHA-WMR’ has been identified as an initial access broker who sells access to internal systems of telecom and defense companies across various countries.
🔍 Internal Access to Taiwan’s Largest Telecom Detected for Sale as Attacks Against Taiwan Surge
• On April 7, internal system access to a Taiwanese telecom company was found being offered for sale on the Russian dark web hacking forum ‘Exploit’.
• The threat actor ‘303security’ identified the victim as the ‘Taiwan Biggest Telecom Company’ and stated its revenue as $6.9 billion. The access includes Shell and SSH, with a sale price of $1,300.
• Beginning in February, there has been a sharp rise in malicious activity involving access sales and cyberattacks targeting Taiwanese companies, compared to last year.
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.
👉 Subscribe <Weekly Darkweb>: https://bit.ly/4eeDU6I
☎️ Contact us: https://s2w.inc/en/contact
*The full report is available upon request and for XARVIS subscribers.