Weekly Darkweb in May W4

Resources

2025.06.04

☑️ Weekly Darkweb – May Week 4, 2025

🔍 System Access to Mexican ‘Public Fund Audit Agency’ Leaked on Dark Web

• On May 28, a post offering system access to Mexican ‘Public Fund Audit Agency’ was uploaded to the Dark Web hacking forum ‘DarkForums’ for $4,000.

• The threat actor claimed to hold the following access:

✓ Full access to 113.5TB of data stored on 6 NAS devices

✓ Top-level administrator privileges for a domain controller (DC) managing 1,300 PCs

✓ Top-level administrator privileges for Linux-based servers

• If the data and access claimed by the threat actor were exploited, critical file repositories, entire internal computer systems, and even key servers in the organization could be freely manipulated.

🔍 SIM Card Data from Indonesian Telecom Provider Giant for Sale on Dark Web

• On May 27, it was identified that SIM card data from subscribers of Indonesian largest mobile operator 'T' was being sold on the Dark Web hacking forum ‘Darkforums.’

✓ Company ‘T’ is one of the largest mobile operators in Indonesia, serving 150 million users as of last year and accounting for 60% of the total telecommunication market revenue.

• The threat actor claimed to have obtained sensitive information associated with SIM cards, including SIM card unique identification number(ICCID), subscriber unique identification number (IMSI), lock password, and pricing plan.

• According to S2W’s cybercrime investigation platform ‘XARVIS,’ the threat actor is also operating a Telegram channel called ‘DataMarket,’ and is reposting the sales threads and selling access to private companies in Indonesia, Vietnam, and others.

🔍 Data Stored on Thai Police Website Listed for Sale on Dark Web Hacking Forum

• On May 26, a post selling loaded database from the Thai Police website was identified on the Russian dark web hacking forum 'XSS.'

• The forum user ‘wh6ami’ claimed that the leaked data includes account credentials of two site administrators, file paths, and internal information.

• According to S2W’s user profiling tool ‘DarkSpider,’ the threat actor joined the ‘XSS’ forum in March and has consistently uploaded threads related to government websites in Southeast Asia and South America.

👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.

Subscribe on LinkedIn

This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

Attachments

[S2W] Weekly Darkweb_EN (250601).pdf

R&D Columns

7 Hidden Challenges of Adopting AI in the Enterprise

2025.05.28

Threat Analysis Brief Reports

Quick Overview of Deepmix: A Chinese Dark web Marketplace

2025.06.09

List

File download request

This is a consent popup for collecting personal information in order to send you an attachment of S2W's Resource. Please enter the following items and submit, and the attachment will be sent to the email you provided. All information you provide will be subject to S2W's privacy policy.

Name *

Email *

Contact number *

Company / Institute name *

How did you find us?*

Agree to all

[Required] Terms of Service View all

[Required] Collection and Use of Personal Information View all

[Optional] Collection and Use of Information for Marketing Purposes

Collected items: Required : Name, Country, Company/Institute Name,Job Title, Email, Contact Number
Purpose of use: For online/offline marketing and advertising purpose Name, Job Title, Email, Contact Number; Delivery of product brochures, newsletters, event information, etc.
Retention period: Until consent for marketing use is withdrawn.