☑️ Weekly Darkweb – July Week 2, 2025

🔍 Internal Data of Tokyo Stock Exchange and Major Securities Firms Leaked on Chinese Telegram Channel

• On July 5, internal data from the Tokyo Stock Exchange (TSE) and four major Japanese securities firms were found being distributed through a Chinese Telegram channel named ‘💎 御峰 💎 收售㊖源头数据’ (translated as 'only deals in authentic, verified data').

• The channel administrator, ‘Ad_08188,’ uploaded partial screenshots of an Excel file containing names, addresses, and phone numbers as proof of the leak.

• Instead of directly naming the affected firms, the administrator posted domain addresses—one of which appears to be linked to a login authentication system for a specific securities company.

🔍 Thailand’s Hospital ‘N’ Domain Admin Access for Sale on Dark Web Forum

• On July 8, domain administrator access to Thailand’s N Hospital was found to be sold on the Russian hacking forum ‘XSS’ for $1,000.

✓ Hospital N is a general hospital listed on the Stock Exchange of Thailand, with a revenue of 2.47 billion THB (approx. 104 billion KRW) last year.

• The seller, ‘LoyalityINKGN’, is indirectly pressuring the hospital by disclosing the number of devices connected to the hospital's internal network to increase the reliability of the data it sells.

• Domain administrator access represents the highest level of IT infrastructure control. If exploited, it could lead to severe disruptions, such as delays in surgical procedures or inaccessibility of medical records, underscoring the critical need for robust cybersecurity measures.

🔍 Service Providing Extensive Indonesian Citizen Data for Sale on Dark Web

• On July 8, a service offering extensive personal information on Indonesian citizens was found for sale on the dark web hacking forum ‘DarkForums.’ (Price: 5,000 USD)

• The seller, ‘quantumshadow,’ claims that by uploading a target’s photo through the service, they can retrieve matching results from national databases. The seller also advertises access to details such as family information, property holdings, and travel history.

• According to the seller, the data was obtained by infiltrating a government agency and exfiltrating confidential citizen records stored on backend systems.

• It was also observed that ‘quantumshadow’ offers a demo service, allowing potential buyers to verify the authenticity of their data.

👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.

Subscribe on LinkedIn

This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

Attachments

[S2W] Weekly Darkweb_250713_EN.pdf

AI Trends

What Is Data Intelligence? Features and Use Cases

2025.07.16

Product

Why Integrating Account Takeover (ATO) and Attack Surface Management (ASM) Matters?

2025.07.18

List

File download request

This is a consent popup for collecting personal information in order to send you an attachment of S2W's Resource. Please enter the following items and submit, and the attachment will be sent to the email you provided. All information you provide will be subject to S2W's privacy policy.

Name *

Email *

Contact number *

Company / Institute name *

How did you find us?*

Agree to all

[Required] Terms of Service View all

[Required] Collection and Use of Personal Information View all

[Optional] Collection and Use of Information for Marketing Purposes

Collected items: Required : Name, Country, Company/Institute Name,Job Title, Email, Contact Number
Purpose of use: For online/offline marketing and advertising purpose Name, Job Title, Email, Contact Number; Delivery of product brochures, newsletters, event information, etc.
Retention period: Until consent for marketing use is withdrawn.