Deep and Dark Web Round Up


Highlights

  • For continuing DarkOwl and overall analysis of the conflict between Israel and Hamas, and the cyber efforts that accompany this ongoing situation, please see the first section, titled “Middle East Conflict”
  • RansomedVC operation put up for sale by its admin in a Telegram channel
  • Boeing possibly breached by Lockbit ransomware gang
  • Iran revealed as perpetrator behind 8-month cyber campaign targeting Middle East government, telecom, and financial sectors

Middle East Conflict

Cyber incidents continue to accompany the air and ground conflicts in the Middle East. The line separating digital operations, hacks, events, and attacks from the physical conflicts continues to blur.

Malware/Ransomware

RansomedVC admin publicly announces desire to sell ransomware operation

RansomedVC is apparently up for sale as the administrator no longer wishes to run the operation. On Monday, October 30th, the announcement came in the Telegram channel that the owners of the project were selling everything – source code, custom code, accompanying social media accounts, and more. They declined any journalist interviews and said the decision was due to personal reasons.

Boeing purportedly breached by LockBit gang; payment deadline is Nov 2

Threat group LockBit claimed to have infiltrated Boeing’s systems using a zero-day. Boeing appeared on the LockBit leak site at the end of October 2023, but the group offered no proof of data or material belonging to Boeing.

Threat Actors

Iran targets government, financial, telecom entities throughout Middle East

Iranian cyber actors have run a campaign for the past year targeting various entities in the already conflict-laden Middle East. Victims include Jordan, Kuwait, Oman, Iraq, Israel, and Saudi Arabia. Tools used in the 8-month long campaign include custom web shells and backdoors, indicating an elevated level of sophistication.

“Prolific Puma” abuses link shortening service in latest malicious campaign

Prolific Puma is distributing phishing services, malware, and other scams via link shortening services. They have registered tens of thousands of unique domain names since the spring of 2022 and are consistently abusing DNS infrastructure in their efforts. They have not yet been observed advertising these services on underground markets. There is also no indication of where Prolific Puma operates from or what language they speak.

Notable Leaks and Breaches

Suggested Further Reading

About DarkOwl

DarkOwl uses machine learning to automatically, continuously, and anonymously collect, index, and rank darknet, deep web, and high-risk surface net data, allowing for simplicity in searching.

Our platform collects and stores data in near real-time, allowing darknet sites that frequently change location and availability to be queried in a safe and secure manner without having to access the darknet itself.

DarkOwl is unique not only in the depth and breadth of its darknet data, but also in the relevance and searchability of its data, its investigation tools, and its passionate customer service. As importantly, DarkOwl data is ethically and safely collected from the darknet, allowing users secure and anonymous access to information and threats relevant to their mission. Our passion, our focus, and our expertise is the darknet.

For more information, visit www.darkowl.com.

