Deep and Dark Web Round Up
Weekly Highlights
Middle East Conflict
There were no notable cyber activities this week related to the latest Israel-Hamas conflict, but a few developments below will almost certainly influence continued physical and cyber activities and campaigns:
Market Takedowns
German authorities, using intelligence from Lithuanian and American agencies and partners, captured infrastructure in both Germany and Lithuania, resulting in the takedown of the popular dark web marketplace Nemesis Market. Authorities seized $100,000 in cash as well as the digital infrastructure that supported the illicit goods market. As of the time of this writing, no information has been provided on whether the platform’s operators have been arrested or contacted; DarkOwl will continue to monitor for updates.
Malware/Ransomware
Discord bot top[.]gg was poisoned by a malicious actor who hijacked GitHub accounts, used social engineering tactics, and distributed malicious Python code in a supply chain attack against the bot. Researchers assess that the main goal was to steal credentials and other sensitive data for sale, using malware hidden in legitimate Python packages. The malware targets various browsers such as Chrome and Brave, credit cards, and login credentials. It also logs keystrokes and targets Desktop and Download files with certain keywords.
Threat Actor Activity
The US Treasury Department sanctioned two Chinese nationals who were part of the APT31 front company “Wuhan Xiaoruizhi Science and Technology Company, Limited” (Wuhan XRZ). Their activities targeted the US Naval Academy and the US Naval War College’s China Maritime Studies Institute. The UK’s National Cyber Security Centre also sanctioned the actors for targeting the UK Electoral Commission's systems.
Two Chinese APT groups targeted the Association of Southeast Asian Nations (ASEAN) in a campaign that ran throughout the first quarter of 2024. Phishing emails were used to deliver malware in executables with file names such as “Talking Points for China”. The files were disguised as material related to the early March Australian-ASEAN conference, a lure chosen for maximum impact.
Notable Leaks and Breaches
Suggested Further Reading
About DarkOwl
DarkOwl uses machine learning to automatically, continuously, and anonymously collect, index, and rank darknet, deep web, and high-risk surface net data, allowing for simplicity in searching.
Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability to be queried in a safe and secure manner without having to access the darknet itself.
DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise is the darknet.
For more information, visit www.darkowl.com.