Deep and Dark Web Round Up

Highlights

• Middle East conflict updates
• China claims to have cracked Apple’s Airdrop technology
• Hack-back scams take further advantage of ransomware victims already fighting to recover operations
• False year-end documents increasingly used in fraudulent schemes

Middle East Conflict

Recent activities include increased maritime attacks, assassinations, and ICS/Scada targeting:

• Wissam Hassan Tawil was killed January 8, 2024; Tawil is the brother-in-law of Hassan Nasrullah, the head of Hezbollah
• X suspended one account of Hamas on January 9, 2024, after it quickly gained over 125K followers
• IPs discovered scanning for RDP and ICS/SCADA tied to CODESYS from and within Israel, targeting the country as the conflict continues

Malware/Ransomware

China claims to have cracked Apple’s Airdrop tech, uses this to continue control over its dissident population

China claims to have decrypted device logs for Airdrop, the apple tech that allows for proximity sharing of pictures, files, etc. China’s constant effort to control its population means they’ve blocked many popular messaging apps, as well as used their internet controls to block many popular websites within China. Many Chinese citizens moved to Airdrop as it doesn’t need cell service. This use included the 2019 protests where Chinese citizens used Airdrop to share protest information and anti-Chinese government material. The Chinese government claims they can see the phone numbers, emails, and other metadata from devices who partook in this activity.

Hack-back scams target victims of Royal and Akira ransomware gangs

An actor claiming to be a security researcher has recently contacted several victims of ransomware gangs and offered revenge services against members of Royal and Akira ransomware. The individual offered victims the chance for them to delete the stolen data located on the servers of Akira and Royal for the cost of five Bitcoin. The handles used by the actor are “Ethical Side Group” and “xanonymoux”.

Threat Actor Activity

Year end documents used by threat actors to steal corporate information

Fake retirement savings plan documents for 401ks, end of year surveys, as well as tax document lures, are some of the latest trends in threat actors going after people as they try to procure sensitive credentials for corporate-environment access. Malicious actors are posing as company HR reps to try and elicit information relating to retirement plans. Actors have combined the use of QR codes in these operations, which are embedded in emails and take innocent people to false login pages where their credentials are stolen.

Notable Leaks and Breaches

• Fidelity National Financial: Hackers stole data of 1.3 million people
• Halara probes breach after hacker leaks data for 950,000 people
• matchmytalent.com - (36,963 entries)
• kikname.com - (144,567 entries)
• iteam.ru - (14,509 entries)

Suggested Further Reading

• NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining
• FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data
• Hackers target Microsoft SQL servers in Mimic ransomware attacks
• Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach
• Toronto Zoo: Ransomware attack had no impact on animal wellbeing
• Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos
• Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals
• Hacker hijacks Orange Spain RIPE account to cause BGP havoc

About DarkOwl

DarkOwl uses machine learning to collect automatically, continuously, and anonymously, index and rank darknet, deep web, and high-risk surface net data that allows for simplicity in searching.

Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability, be queried in a safe and secure manner without having to access the darknet itself.

DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise is the darknet.

For more information, visit www.darkowl.com.