Weekly Darkweb in May W3
2025.05.28
☑️ Weekly Darkweb – May Week 3, 2025
🔍 Japanese Big Five Trader 'S' Reportedly Targeted by Akira Ransomware
• On May 16, it was identified that Japanese trading giant ‘Sumi****’, one of the nation’s top five trading firms, suffered a cyberattack by the Akira ransomware gang.
✓ Company ‘S’, listed on the Tokyo Stock Exchange, operates globally across a wide range of industries, including manufacturing, energy, and construction.
• The ransomware gang claims to have compromised 163GB of data, including detailed personal information of employees and confidential documents.
✓ List of Compromised Information: Detailed personal data of employees (passports, driver’s licenses, credit card info), company documents, financial records (audit reports, purchase orders), customer information, confidential agreements, project files, and NDAs.
🔍 Taiwanese Semiconductor Company Faces Massive Data Breach Linked to New Ransomware Gang ‘BERT’
• On May 16, it was identified that Taiwanese semiconductor firm A, a publicly listed company, had suffered a ransomware attack linked to the BERT ransomware gang.
• The ransomware gang reportedly compromised more than 500TB of data from the company and disseminated sample and primary leaked data to a secret leak site.
✓ Among the sample data uploaded were nine image files—including the accounting balance sheet, detailed expense reports, and the 2025 employee list—with the first batch of leaked data, shared via link, estimated to be approximately 64GB.
• ‘BERT,’ a newly identified ransomware gang that appeared in April, is reported to have targeted four firms in the last two months.
🔍 Indonesian Civil Service Employee Database Shared on Dark Web Forum
• On May 17, personal information of employees from Indonesia’s National Civil Service Agency BK* was reportedly found being shared on the dark web forum ‘DarkForums.’
• Forum user ‘saTaoz’ posted sample files related to the stolen data and shared a URL to download the full dataset as ‘Hidden Contents’ visible only to forum members.
• According to S2W’s user profiling tool ‘DarkSpider,’ forum user ‘saTaoz’ was active on BreachForums under the same username before joining DarkForums and has continuously targeted Indonesian organizations since March.
👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.
☎️ Contact us: https://s2w.inc/en/contact
*The full report is available upon request and for XARVIS subscribers.
Attachments
Threat Intelligence Reports
Analysis of Apache Tomcat Vulnerability: CVE-2025-24813
2025.05.26
Previous
R&D Columns
7 Hidden Challenges of Adopting AI in the Enterprise
2025.05.28
Next