ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb in August W3
2025.08.27

☑️ Weekly Darkweb – August Week 3, 2025



🔍 DDoS Attacks Against Taiwanese Governments and Defense Companies Detected on Hacktivist Telegram channel


• On July 15, it was identified that Taiwanese government agencies and defense companies have been targeted by DDoS attacks from the hacktivist group “Mr Hamza.”


✓ Mr Hamza: A pro-Palestinian hacktivist group that focuses on DDoS attacks


• According to the hacktivist group's Telegram channel, a total of seven organizations were attacked, including local police, customs offices, defense research institutes, and aircraft manufacturing and maintenance companies. Among the victims are core entities in Taiwan’s defense industry.


• The channel operator stated that the attacks were part of ‘#Op_Taiwan.’ The term '#Op' is commonly used by hacktivist groups to refer to cyberattacks targeting a specific country. It is currently being used in a hacking campaign targeting Taiwan.



🔍 Japanese Companies Hit by Ransomware Attacks; New Gangs ‘WorldLeaks’ and ‘D4RK 4RMY’ Identified


• On July 20, it was confirmed that Japan’s leading textile company ‘N’ was targeted by the WorldLeaks ransomware gang. (N’s annual revenue in 2024: approximately 110 billion JPY)


• WorldLeaks is a newly emerged ransomware gang first spotted in May, known to have launched ransomware attacks targeting various countries including US, Europe, and Asia.


• On the 7th, it was revealed that Japanese financial company ‘M’ had been targeted by the D4RK 4RMY ransomware gang.


✓ D4RK 4RMY is another newly observed ransomware gang detected in July, believed to have attacked private companies in Taiwan, Japan, and Thailand.



🔍 Uzbekistan Airline Data Leak: Multinational Passport Information for Sale on Dark Web


• On July 19, a post selling data allegedly stolen from an Uzbekistan airline was detected on the dark web hacking forum ‘DarkForums’ (File size: 300GB).


• Forum user ‘ByteToBreach’ claimed to have obtained the personal information of approximately 400,000 passengers, including passport details, driver’s licenses, and marriage certificates. The user also uploaded scanned passports as sample data.


• It was also confirmed that the leaked data includes login credentials granting access to the airline’s internal systems. The threat actor is promoting that the data also includes account information for reservation, ticketing, and boarding management systems, as well as email servers, which are commonly used by airlines around the world.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20250824_EN.pdf
Threat Intelligence Reports
Detailed Analysis of Phrack’s APT Down: The North Korea Files
2025.08.22
Previous
Threat Analysis Brief Reports
Oracle WebLogic Vulnerability: CVE-2017-10271
2025.09.02
Next
List