Weekly Darkweb in July W5
2025.08.06

☑️ Weekly Darkweb – July Week 5, 2025



🔍 Iran IRGC’s Sensitive Internal Data for Sale on Dark Web Hacking Forum


• On July 30, a post offering internal data from the Aerospace Force and Air Defense Section of Iran’s Islamic Revolutionary Guard Corps (IRGC) was found on the dark web hacking forum DarkForums.


• The seller claimed to be leaking 5.5 TB of sensitive data for the first time and uploaded images of an Excel file containing personal information and a data folder list as sample data.


✓ Data for Sale: Personal records of more than 16,000 personnel including names, ranks, service regions, social security numbers, photos, and coordinates of air defense sites.


• The seller is asking for USD 99,999 worth of Monero, a privacy-oriented cryptocurrency, for the data, and USD 199,999 for its permanent removal.



🔍 Tunisia Defense Ministry Credential Leak Raises Concerns Over Further Attacks


• On July 29, a post whose author claimed to have hacked account credentials from Tunisia’s Defense Ministry was uploaded to the dark web hacking forum BreachForums.


• The compromised accounts reportedly include access to Tunisia’s Defense Ministry email services, internal systems, video conferencing tools, and the official website. The threat actor disclosed sample data including an administrator email, a military training officer’s email, and the ministry’s main official email address and password.


• As numerous breaches stem from credential exposure, monitoring for account leaks is a valuable tool for early-stage threat prevention.


✓ Credential leak information can be detected through the ATOM (Account Take Over Monitoring) feature of QUAXAR, S2W’s cyber threat intelligence platform.



🔍 Royal Saudi Air Force Internal Documents Circulating on Dark Web


• On July 28, Royal Saudi Air Force (RSAF) internal files were found being redistributed across a dark web hacking forum.


• The RSAF was previously targeted by the ransomware gang KillSec in April, resulting in a data breach. The current post is believed to be a redistribution of the previously leaked files.


✓ Compromised Data: Quality inspection forms, technical manuals, military aircraft reports, engineering blueprints, and documents related to military software.


• Information shared on the dark web is frequently downloaded and redistributed by multiple threat actors, making it nearly impossible to remove and potentially leading to long-term security threats.



This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

