ALL MENU

Technology
S2W's Technology
AI
Big Data
Security
Products
SAIP
QUAXAR
XARVIS
EYEZ
Services
AI Data Consulting
Penetration Testing
Incident Response
Request for Intelligence
Resources
Event
Webinar
SIS
Conference
About S2W
About S2W
History
News

QUICK LINKS

Resources
  • Newsletter
  • News Highlights
Weekly Darkweb in November W3
2025.11.26

☑️ Weekly Darkweb – November Week 3, 2025



🔍 Japan’s Photo Printing Company Customer Data of 15.6 Million for Sale on Dark Web


• On November 8, Japan’s online photo printing company P was identified on DarkForums with customer data listed for 5,000 dollars.


• The threat actor claimed to have breached five service sites operated by company P in July and obtained 15.6 million customer records from 2018 to 2025, including names, email addresses, passwords, phone numbers and dates of birth.


• The threat actor posted screenshots of the data files along with a sample download link containing 10,000 customer records as proof of the breach.


✓ Company P has reportedly been investigating the breach since July. After the Dark Web post was detected on November 9, company P published a statement confirming that personal information had been exposed.



🔍 South Korean Energy Company L Breach Linked to AKIRA Ransomware


• On November 17, South Korea’s major energy company L was identified as a target of the AKIRA ransomware gang.


✓ Company L is a Korea Exchange listed company with reported annual revenue of about 17.4 billion dollar in 2024.


• The ransomware gang claimed to have stolen 1.67 TB of corporate documents and 46 GB of database files, including employee personal information, confidential project documents and internal contracts.


• No evidence of compromised data or sample files has appeared on the ransomware leak site.


→ From November 1 to 19, a total of 61 companies were added to the AKIRA ransomware gang’s victim list, with 55 of them based in the U.S., indicating a concentrated focus on the U.S.



🔍 Greece’s Largest Telecom Company C Source Code Leaked on Dark Web


• On November 13, a post claiming to have leaked internal data and source code from Greece’s largest telecom company C was uploaded to the DarkForums.


✓ Greece has three major telecom providers that hold most of the mobile market, and company C recorded a 46.5 percent share in 2023, according to the Hellenic Telecommunications and Post Commission.


• The threat actor known as KaruHunters said a breach earlier this month resulted in leaked internal data and source code from company C, and posted a download link to a 185 MB file as proof.


• The exposure of internal data and source code can reveal system architecture and vulnerabilities, possibly resulting in service interruptions and customer data breaches.



👉 Subscribe to <Weekly Darkweb> and get the latest newsletter every week.
Subscribe on LinkedIn
This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.


Attachments
[S2W] Weekly Darkweb_20251123_EN.pdf
Threat Intelligence Reports
Threat Group Profiling: Scattered Lapsus$ Hunters (SLSH)
2025.11.25
Previous
Threat Analysis Brief Reports
X Forums: The Return of the Evil-Zone Forum
2025.12.02
Next
List