Weekly Darkweb in April W3
2025.04.23
☑️ Weekly Darkweb – April Week 3, 2025
🔍 East Asian Financial Sector Under Ongoing Cyberattack, Data Leaks Persist
• From April 11 to 15, data from the financial sectors of East Asian countries was repeatedly found for sale on a Chinese hacking forum on the dark web.
• [April 11] Sensitive investor data linked to the Taiwan Stock Exchange was found being sold on the Chinese hacking forum ‘Cabyc,’ including names, birthdates, and addresses. The forum user offered personal information of 82 individuals for $988.
• [April 13, 15] Data from Japanese securities company ‘R’ was found uploaded to the same forum. The compromised information reportedly includes personal details and transaction histories of users who traded stocks through company ‘R’.
🔍 Global Dark Web Hacking Forum ‘BreachForums’ Shut Down Amidst Widespread Rumors
• On April 15, evidence emerged indicating the closure of the global dark web hacking forum ‘BreachForums.’
• In connection with the incident, the Palestinian threat actor group ‘Dark Storm Team’ claimed responsibility for a DDoS attack on ‘BreachForums,’ asserting that the attack was carried out for amusement and ultimately led to the forum's disruption.
• Meanwhile, there have been claims that the forum has been operated by the FBI since March. Documents allegedly supporting this claim have also been leaked, though the authenticity of these documents remains unverified.
• ‘BreachForums’ emerged in early 2022 following the shutdown of ‘RaidForums.’ Despite the arrest of its original operator, ‘pompompurin,’ by U.S. authorities in March 2023, the forum continued to operate under new leadership, becoming one of the most prominent hacking platforms.
🔍 New Ransomware Gang ‘Babuk Locker 2.0’ Suspected to Be Led by ‘Bjorka,’ a Threat Actor Who Previously Targeted Indonesia
• A new ransomware gang, ‘Babuk Locker 2.0,’ has emerged, reportedly launching cyberattacks against global corporations and government institutions.
✓ The gang’s name is believed to be derived from the 2021 ransomware group ‘Babuk,’ with the leak page also featuring the same design as the original Babuk site.
• A forum user believed to be connected to the group, ‘SkyWave,’ has been found promoting ‘Babuk Locker 2.0’ on the dark web hacking forum ‘DarkForums’ and a Telegram channel.
• According to the S2W user profiling tool ‘DarkSpider,’ ‘SkyWave’ is identified as ‘Bjorka,’ a threat actor who previously targeted Indonesia.
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.
*The full report is available upon request and for XARVIS subscribers.