☑️ Weekly Darkweb – October Week 1, 2025
This week’s highlights focus on airport and aviation-related threats and alleged OT/ICS intrusions. Key incidents include a claimed web shell breach at Incheon International Airport, pro-Russian intrusion claims against Taiwanese manufacturing control systems, and a dark web leak of Airports of Thailand administrator access and databases.
🔍 Alleged Pro-Russian Telegram Channel Claims to Have Infiltrated Taiwanese Manufacturing Control Systems
• Over the past week, a series of cyber intrusion claims targeting Taiwanese manufacturing firms has surfaced on the pro-Russian Telegram channel “Z-Pentest Alliance🇷🇸🇷🇺🇧🇾🇮🇹🇦🇺”.
✓ [09/30] A message claiming penetration of the climate and temperature control system at the Taiwanese agricultural biotech company 'S' was uploaded. The threat actor stated that the system had been disabled and released a video showing manipulation of plant cultivation controls to disrupt operations.
✓ [10/01] A message claiming intrusion into the production equipment management system of the Taiwanese plastics manufacturer 'L' was uploaded. The threat actor stated that the compromised system was linked to raw material storage and supply processes, sharing a video of direct system manipulation as proof.
🔍 Administrator Access and Sensitive Data from Airports of Thailand Leaked on Dark Web Forum
• On September 29, administrator credentials and internal databases belonging to the Airports of Thailand (AOT) were leaked on the dark web forum 'DarkForums'. The leaked data includes security network mapping and infrastructure configurations, real-time flight and passenger data, employee accounts, administrator dashboard access, terminal operation and incident logs, and maintenance records, totaling 2.63 GB.
• The user 'NodeSillent' posted AOT data server logs as proof of the attack and stated that the full dataset is being distributed via their Telegram channel 'NodeSillent'.
🔍 Attack Claim Against Incheon International Airport Systems Detected on Chinese Telegram Channel
• On September 23, a message claiming responsibility for an attack on Incheon International Airport systems was posted on the Chinese Telegram channel 'DATASHELL/Dream'. The threat actor claimed to have penetrated internal systems by executing a web shell attack through the airport's official website.
✓ Web Shell Attack: A technique in which a malicious script uploaded to a web server gives the attacker remote command execution, enabling system takeover and data theft.
• The leaked dataset, estimated at over 30,000 records, included COVID-related documents, which were shared as proof of the attack.
• The threat actor stated that a similar attack in October 2024 disrupted Incheon International Airport's systems for an entire day, attaching a press image of the incident.
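Defender-side example, added here and not part of the report: a log triage routine for the footprint a web shell of the kind described above typically leaves in web access logs, namely a server-side script sitting under an upload directory that the server actually executed. The log lines, paths and IP addresses are constructed; the upload directories and script extensions are assumptions to adapt to the site.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in Apache/Nginx "combined" log format (not real airport data).
SAMPLE_LOG = """\
203.0.113.7 - - [23/Sep/2025:10:01:12 +0900] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2025:10:01:40 +0900] "POST /board/upload.do HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [23/Sep/2025:10:02:05 +0900] "GET /uploads/notice/img01.jsp HTTP/1.1" 200 88 "-" "python-requests/2.32"
203.0.113.7 - - [23/Sep/2025:10:02:09 +0900] "POST /uploads/notice/img01.jsp HTTP/1.1" 200 2310 "-" "python-requests/2.32"
198.51.100.4 - - [23/Sep/2025:10:03:00 +0900] "GET /uploads/notice/brochure.pdf HTTP/1.1" 200 91233 "-" "Mozilla/5.0"
198.51.100.4 - - [23/Sep/2025:10:03:30 +0900] "GET /login.jsp HTTP/1.1" 200 1400 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# Assumed: directories that should only ever serve static or user-uploaded content.
UPLOAD_DIRS = ("/uploads/", "/files/", "/attach/")
# Assumed: server-side script extensions that must never execute from those directories.
SCRIPT_EXT = (".jsp", ".jspx", ".php", ".asp", ".aspx", ".war")

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def find_webshell_candidates(log_text):
    """Map each executed script path under an upload directory to who hit it and how.

    A 403/404 means the file was absent or blocked, so those requests are ignored;
    any other status means the server handed the file to its script engine."""
    hits = {}
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        path = urlsplit(rec["target"]).path.lower()
        if not (path.startswith(UPLOAD_DIRS) and path.endswith(SCRIPT_EXT)):
            continue
        if rec["status"] in ("403", "404"):
            continue
        h = hits.setdefault(path, {"first_seen": rec["ts"], "ips": set(), "posts": 0, "gets": 0})
        h["ips"].add(rec["ip"])
        if rec["method"] == "POST":
            h["posts"] += 1  # POSTs to an uploaded script are how commands usually arrive
        elif rec["method"] == "GET":
            h["gets"] += 1
    return hits
```

A hit should be confirmed against the file on disk and its upload time; the durable fix is configuring the web server so upload directories are never handed to a script engine.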
*The full report is available upon request and for XARVIS subscribers.