ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb in September W4
2025.10.01

☑️ Weekly Darkweb – September Week 4, 2025



🔍 South Korea’s Major Admission Agency Suffers Ransomware Attack, Internal Data at Risk


• On September 22, South Korea’s major college admissions agency ‘U’ was targeted by KillSec ransomware gang.


✓ ‘U’ is a leading college application agency handling admissions for domestic and international universities. If breached, sensitive data of numerous South Korean and international applicants could be exposed on the dark web.


• The ransomware gang issued a threat post containing a foreign student’s passport, government-issued documents, and internal weekly reports as evidence of the attack. They threatened to leak the entire dataset if no deal was reached by the 26th and suggested the possibility of selling the information to third parties.



🔍 RCE Access to Major Asian Telecom & Cloud Firms for Sale on Dark Web


• Over the past week, remote code execution (RCE) access to systems of companies in Taiwan, India, and China was repeatedly detected for sale on the dark web hacking forums ‘DarkForums’ and ‘Breachstars’. The threat actor 'Psych1c’ claimed to have breached 12 telecom and IT companies in Asia in collaboration with 'NetworkBrokers.'


✓ RCE access: A high-risk privilege that allows an attacker to remotely access and execute commands on a target system.


• [09/21] RCE access to a Taiwanese telecom firm (annual revenue: USD 34.7 billion) was found for sale at USD 1,200.


• [09/23] RCE access an Indian telecom company (annual revenue: around USD 2.6 billion) was found for sale for USD 1,500. The threat actor claimed the company serves the finance, IT, and healthcare sectors. On the same day, RCE access to a Chinese cloud service provider (annual revenue: around USD 12 billion) was found for sale for USD 1,200. The threat actor claimed the company partners with global IT firms and government agencies.



🔍 U.S. Defense Department’s DARPA Confidential Documents for Sale on Dark Web


• On September 19, a post claiming to sell classified information on next-generation weapons development by the U.S. Department of Defense’s DARPA was found on the Russian hacking forum Exploit.


• The seller claimed the data for sale includes over 30GB of files, such as blueprints and research on DARPA’s next-generation laser weapons and more than 1,000 documents from 26 U.S. national laboratories.


• The seller listed the price at USD 100,000, offering a discount to buyers from anti-U.S. countries.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20250928_EN.pdf
Threat Analysis Brief Reports
Docker Desktop Vulnerability: CVE-2025-9074
2025.09.29
Previous
News Highlights
Weekly Darkweb in October W1
2025.10.08
Next
List