ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb in June W3
2025.06.25

☑️ Weekly Darkweb – June Week 3, 2025



🔍 Japanese Crypto Exchange Breach Footage Circulates; Data linked to Chinese Telegram Channel


• On the 17th, data allegedly originating from “Z Corporation,” one of Japan’s early licensed cryptocurrency exchanges, was identified for sale on a Chinese Telegram channel named “乐乐~专注做海外数据”, known for trafficking in overseas data.


• The channel operator, ‘xggvm’, uploaded a video showing a direct intrusion into a Japanese website, including scenes of exfiltrating personal information belonging to approximately 4 million users, and the accompanying message indicated an intent to sell the stolen data.


• The operator had previously distributed data from various countries, including the United States, Mexico, and India, through the same channel and is believed to also provide hacking-for-hire services.



🔍 Spanish Defense Firm’s CAD Files Offered on Dark Web for $50K


• On June 13, classified data allegedly belonging to Spanish defense and aerospace software developer G Corporation was observed for sale on the Russian dark web forum XSS for USD 50,000.


• The leaked data, totaling approximately 2.71 GB, includes blueprints, contracts, CAD drawings, and other technical documents.


✓ G Corporation, a key player in the space and defense sectors, has delivered over 1,500 projects and holds assets valued at €90 million.


• The threat actor ‘_Sentap’ shared sample files within the post and claimed the leaked materials could be used as a means of reverse engineering.


• According to S2W’s user profiling tool DarkSpider, the same post was simultaneously uploaded to DarkForums and Exploit.



🔍 Ransomware Actor ‘Devman’ Tied to Global Attacks via X and Dark Web


• A threat actor known as ‘Devman’ has been observed conducting ransomware attacks against organizations in Japan, Mexico, the U.S., and others via dark web forums and the X platform.


• On X, Devman shared a screenshot allegedly showing internal data from a Japanese company, claiming access was enabled by a VPN password set to ‘12345’.


• According to S2W’s DarkSpider, Devman previously sought RaaS collaborators via a post on BreachForums in April.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_EN (250622).pdf
Threat Analysis Brief Reports
Quick Overview of DarkForums
2025.06.24
Previous
Threat Intelligence Reports
StealC V2: Advanced Infostealer Malware
2025.07.01
Next
List