ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb in July W1
2025.07.09

☑️ Weekly Darkweb – July Week 1, 2025



🔍 Russian Navy Command and Control System Source Code for Sale on Dark Web


• On June 30, confidential internal data from Russia’s NPO Mars (Federal Research and Production Center) was found for sale on the dark web hacking forum ‘DarkForums.’


✓ Compromised Data: 250GB of data containing the full source code of the Navy’s C2 system, internal ship videos, technical documents, and classified communications with the government


• The forum user ‘Rhodes’ posted a video link claiming to prove the hack, but the video is currently inaccessible. Additionally, the threat actor is offering 10GB of data as a sample.


• The military C2 system’s source code is a key classified asset. Exposure to adversaries could pose a significant military threat, requiring strict caution.



🔍 Israeli Military Equipment Blueprints Found for Sale on Dark Web and Telegram


• On June 27, Israeli military equipment blueprints were posted for sale on the dark web hacking forum ‘DarkForums.’


✓ Compromised data: Blueprints and associated documents for 132 military assets such as anti-tank rockets, missiles, aircraft, naval vessels, reconnaissance satellites, defense systems, and radar


• The seller, ‘Breachyard,’ left a Telegram ID in the post, which leads to a private channel called ‘Agencyint -Threat-Intelligence ™,’ reportedly operated by the seller for leaked data sales.


• According to S2W’s internal analysis team, the threat actor uploaded posts selling Israeli military equipment to the Telegram channel and sold data targeting countries including Taiwan, India, Spain, and the U.S.



🔍 ‘BreachForums’ Returns with New Operator ‘Jaw’ Two Months After Shutdown


• ‘BreachForums,’ the global dark web hacking forum shut down on April 15, resumed operations July 1 with a new domain despite continued crackdowns by the FBI and French police.


• BreachForums' new operator, ‘Jaw,’ informed users that authorities have seized all forum data and highlighted the importance of adopting new usernames and identifiers.


• According to S2W’s internal analysis team, user ‘paw’ mentioned the July 1 restart of BreachForums on May 23 in the Telegram hacker community ‘Jaccuzi 2.0.’ Subsequently, a user named ‘Jaw,’ with a similar username, appeared as the forum’s new operator, suggesting the two are likely the same individual.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_250706_EN.pdf
R&D Columns
Adopting Apache Iceberg for Our Data Lakehouse - Part 1: Why We Chose Iceberg
2025.07.09
Previous
Threat Intelligence Reports
Windows Common Log File System Driver Vulnerability: CVE-2025–32713
2025.07.14
Next
List