Weekly Darkweb in May W1
2025.05.14
☑️ Weekly Darkweb – May Week 1, 2025
🔍 Pakistani Naval Military Strategy and Defense Data for Sale on Dark Web
• On May 6, threat actor ‘XUII’ uploaded a post on the Russian hacking forum ‘Exploit,’ offering information related to the Pakistan Navy and defense industry for sale.
✓ Included Data: Pakistan Navy and military product information, along with strategic cooperation plans with China and Türkiye spanning 2025 to 2035.
• The threat actor uploaded portions of confidential military product documents and the Pakistan Navy's strategic cooperation plans as sample data.
• According to S2W’s user profiling tool ‘DarkSpider,’ the threat actor ‘XUII’ joined the forum in March and has since been offering leaked data and system access related to the Pakistani government and corporations.
🔍 Japanese Logistics Firm ‘R’ Suspected Target of Lynx Ransomware Attack
• Japanese logistics firm ‘R’ has been identified as a possible victim of a recent attack by the ‘Lynx’ ransomware gang.
✓ Company ‘R’ is listed on the Tokyo Stock Exchange, with its annual revenue for 2024 reportedly reaching approximately $5.8 billion.
• The ransomware gang reportedly stole a total of 500GB of data from company ‘R,’ though no files have been uploaded to the leak site as of now.
→ Lynx is a relatively new ransomware gang that emerged in July last year. Its ransomware code shares approximately 48% similarity with that used by the INC ransomware gang, leading to speculation that Lynx may be a rebranded version of INC.
🔍 AI-Developed Malware ‘VortexLeech’ Shared on Dark Web Hacking Forums
• On May 2, a proof-of-concept exploit for an AI-generated banking trojan was found being shared on the dark web hacking forum ‘DarkForums’.
• The forum user ‘Executed’ attached the full malware code to the post and included a detailed description of its functionality.
✓ Malware Description: Designed to target Android and iOS devices, this advanced malware is used to steal financial data and funds by harvesting account credentials, bypassing 2FA, and evading detection mechanisms.
✓ 2FA (Two-Factor Authentication): A security method that strengthens account or system access by requiring two distinct forms of verification during login.
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.
☎️ Contact us: https://s2w.inc/en/contact
*The full report is available upon request and for XARVIS subscribers.