Weekly Darkweb in December W4
2025.12.31

☑️ Weekly Darkweb – December Week 4, 2025



🔍 Global Hardware Company G’s Subdomain Vulnerability Exploit Code for Sale


• On December 18, a post selling exploit code for a vulnerability in a subdomain of Taiwanese global hardware company G was detected on the hacking forum ‘Exploit’.


  ✓ Company G is one of the world's top three hardware manufacturers, reporting approximately USD 8.4 billion in annual revenue in 2024.


• The seller mentioned that the identified vulnerability is of the ‘Blind SQL Injection’ type and offered to sell the associated exploit code for USD 150.


→ Blind SQL Injection Vulnerability: A high-risk web vulnerability where attackers can extract internal database information by analyzing server response behavior or processing delays, even when attack results aren't directly displayed. This can lead to data exposure and system compromise.



🔍 Domain Admin Access of Indonesian State-Owned Airline G for Sale on Dark Web


• On December 20, a post offering domain admin access to Indonesia's state-owned airline G was identified on the Russian dark web hacking forum ‘RAMP’ (Selling price: USD 10,000).


  ✓ Company G is Indonesia's largest airline and a member of the global airline alliance ‘SkyTeam’, with an annual revenue of approximately USD 3.4 billion in 2024.


• Forum user ‘PAYDAY’ claimed that the access granted domain administrator privileges capable of controlling more than 300 PCs and 6-7 domain groups, and stated that internal network materials can be provided as proof upon request.


• According to the S2W user profiling tool, the user has been observed attempting to purchase malware and domain access credentials since last August.



🔍 Taiwanese Auto Parts Manufacturer S Infected with ‘Dire Wolf’ Ransomware


• On December 22, it was confirmed that internal data from Taiwanese auto parts manufacturer S is at risk of being leaked by the ransomware gang ‘Dire Wolf’.


  ✓ Company S is listed on the Taiwan Stock Exchange and reported approximately USD 2 billion in annual revenue in 2024.


• The ransomware gang specified January 21, 2026, as the negotiation deadline and released a list of the data allegedly exfiltrated during the attack.


  ✓ Stolen Data: A total of 10 GB, including financial and legal documents, non-disclosure agreements (NDAs), database backup files, audit reports, and internal agreements


• According to S2W ransomware data, ‘Dire Wolf’ is a ransomware gang that began operations in May and primarily targets the manufacturing and technology sectors.



This newsletter is based on news derived from big data collected from over 400 million encrypted pages and channels, including those on the dark web and Telegram.

☎️ Contact us: https://s2w.inc/en/contact

*The full report is available upon request and for XARVIS subscribers.

