Weekly Darkweb in May W2
2025.05.21
☑️ Weekly Darkweb – May Week 2, 2025
🔍 Classified Russian Intelligence Agency Documents Sale on Dark Web Forum
• On May 14, it was identified that classified documents related to the Russian intelligence agency, the Federal Security Service (FSB), were being sold on the Dark Web hacking forum ‘Darkforums.’
✓ Included Data: Operational plans in Taiwan and Iran, cyber activities of foreign intelligence service agents, information on Chinese agents and companies, and Russian General Reconnaissance Directorate (GRU) activities in Vietnam.
• The threat actor ‘Michealgabbert’ joined ‘Darkforums’ on May 5 and has only uploaded this single post to date.
• According to S2W’s internal analysis, much of the post appears to have been reconstructed from content originally shared in a private Telegram channel on April 27. The channel’s operator is known to have sold sensitive FSB data involving North Korea, China, Taiwan, South Korea, Japan, Iran, and Afghanistan.
🔍 Threat Actor ‘Machine1337’ Detected Selling U.S. and Chinese Tech Company Data
• On May 14, it was detected that data from a U.S.-based global social media company ‘S’ and an IT firm ‘M’ were being sold on the Russian Dark Web hacking forum ‘XSS.’
• Both posts were uploaded by the forum user ‘Machine1337,’ who claimed to be selling 5 million records from ‘S’ and 4 million records from ‘M,’ priced at $2,000 and $5,000 respectively.
• According to S2W’s user profiling solution ‘DarkSpider,’ ‘Machine1337’ has also been selling data from U.S. gaming platform ‘S’ and IT firm ‘A’ in May. On May 15, the same actor was identified selling 150 million and 120 million records from China-based companies ‘T’ and ‘H,’ respectively.
🔍 Sensitive Data of Brazilian State-Owned Nuclear Equipment Firm Leaked
• On May 12, sensitive data of Brazilian state-owned nuclear equipment manufacturer ‘N’ was being sold for $1,500 on the Dark Web forum ‘Darkforums.’
✓ Included Data: Nuclear manufacturing, defense-related manufacturing, military nuclear information, submarines, blueprints, uranium mining videos and images, employee personal information, etc.
• The forum user ‘Jack_back’ uploaded samples alongside the post, including employee data and nuclear equipment design files.
• According to S2W’s XARVIS solution, similar data from ‘N’ had previously been leaked by forum user ‘sk_ekf’ on ‘BreachForums’ in March.
👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.
☎️ Contact us: https://s2w.inc/en/contact
*The full report is available upon request and for XARVIS subscribers.
Attachments
Threat Intelligence Reports
AI-powered Threats Case Study #03: Deep Dark Web and Telegram
2025.05.20
Previous
Threat Intelligence Reports
Analysis of Apache Tomcat Vulnerability: CVE-2025-24813
2025.05.26
Next