☑️ Weekly Darkweb – October Week 3, 2025
🔍 South Korean Shipbuilder K’s Internal Documents Exposed on Dark Web
• On October 14, posts sharing internal documents of Korean shipbuilder K were found on the dark web hacking forums ‘DarkForums’ and ‘LeakBase.’
• The threat actor first uploaded a post targeting company K on September 24 and later reuploaded it on October 14 with data samples in response to further inquiries.
✓ The initial post on DarkForums offered 30GB of internal data from company K, including facility and design documents, for USD 10,000, with part of a ship system blueprint released as a sample.
• The leaked files retained the full directory structure and contained 496 internal documents on ship operations and navigation, including CCTV footage, consoles, equipment boxes, radar, gate valves, and magnetic compasses.
🔍 Taiwanese Auto Parts Maker T Faces Data Leak by Qilin Ransomware Gang
• On October 14, Taiwanese auto parts maker T was reportedly targeted by the Qilin ransomware gang.
✓ T is listed on the Taiwan Stock Exchange, with annual revenue of about $25.6 billion in 2024.
• The ransomware gang claimed to have stolen about 100GB of data from T, but no evidence of a data leak or sample files has been detected.
→ The Qilin ransomware gang has recently continued attacks targeting companies in multiple countries, including the United States, Canada, Kenya, France, and Germany.
🔍 Hacktivist CLOBELSECTEAM Continues Widespread Cyberattacks on Japan
• On October 1, a series of cyberattacks targeting Japan was observed via a Telegram channel operated by CLOBELSECTEAM.
• (10/2) The group claimed to have obtained documents from Japan’s international nuclear projects and confidential research facility materials, releasing some internal files as samples, including nuclear transmutation technology and nuclear fusion structure data.
• (10/4) The group claimed to have stolen around 300 documents from Japanese internet infrastructure service company S, releasing some files as samples. They also claimed access to the dashboard of a solar power plant monitoring system operated by engineering firm C, posting screenshots as evidence.
• (10/7) The group claimed to have targeted five Japanese companies, including the Japan branch of global IT firm M, and released a ‘ResideLocker’ HTML page promoting the sale of the companies’ data.
→ CLOBELSECTEAM is a pro-Russia, pro-China, pro-North Korea, and pro-Vietnam hacktivist group that was first detected operating on Telegram in June.
*The full report is available upon request and for XARVIS subscribers.