Breaking Cyber News From Cyberint

Breaking news feed of the latest cyber incidents, breaches, vulnerabilities, malware, ransomware and so much more.

  • Oct 02, 2024

    • Europe
    • Germany
    • Sportstech
    • Grep
    • Western Europe
    • Retail

    Sportstech - Breach - 2024-09-30

    In September 2024, the threat actor "grep" leaked the Sportstech database on a darknet forum following a data breach affecting the German fitness brand. The breach involved the personal information of 44,248 individuals, including names, email addresses, phone numbers, zip codes, countries, states, and registration dates.

  • Oct 02, 2024

    • Europe
    • Suspect
    • European Union
    • exclusive
    • Education
    • Erasmus

    Erasmus+ Database Leaked

    A threat actor with the alias "suspect" posted 230MB of data pertaining to Erasmus+ on Breached Forums. According to the provided sample, the data includes identifiers such as partner ID, participant ID (id_participant), names, passwords, email addresses, and more.

  • Sep 26, 2024

    • Healthcare
    • Md Diamonds
    • Europe
    • United Kingdom
    • Grep
    • exclusive

    Breached database of MD Diamonds And Jewellers is leaked on BF

    In a post on Breached Forums, a threat actor named grep shares the breached database of the UK company MD Diamonds And Jewellers. According to the post, the breach occurred in September 2024, and the database he shares contains 2 million lines of contacts, private messages between customers and their data, certificates, and other internal data. A sample of the data is attached to the post. In the post, the TA attributes the attack to himself.

  • Sep 26, 2024

    • Rdp Hijacking
    • Europe
    • Dashoar
    • Manufacturing
    • exclusive
    • Sweden

    RDP access to a Swedish company in the industrial sector is for sale

    A threat actor named "dashoar" is selling unauthorized RDP access to a Swedish company in the industrial machinery and equipment sector for a negotiable price. According to the claim, the targeted company generates an annual revenue of $9.7 billion.

  • Sep 25, 2024

    • Latin America And The Caribbean
    • Government
    • Cobraegyleaks
    • exclusive
    • Education
    • Mexico

    Mexico 130K Lines Combolist exposed

    The threat actor "CobraEgyLeaks" posted on the cybercrime forum known as "BreachForums" an EMAIL:PASS (username and password) combo list with over 130K lines. According to the file, the emails are related to multiple government, educational, and private companies from Mexico. Anyone with access to this information could potentially attempt to brute-force their way into specific websites, putting the users and relevant companies at risk.

  • Sep 24, 2024

    • Government
    • Israel
    • Asia
    • Middle East
    • Handala

    'Handala' Claims to Have Leaked Internal Emails of Israeli Politician Benny Gantz

    The 'Handala' group claims to have leaked 35,000 internal email correspondences belonging to Israeli politician Benny Gantz. The leak was uploaded to the group's website.

  • Sep 23, 2024

    • Latin America And The Caribbean
    • Argentina
    • 888
    • Tiendup

    Tiendup e-commerce platform Data breach

    The threat actor **888** offered on the cyber crime forum "BreachForums" a potential database of the e-commerce platform for digital businesses "TiendUp". According to the threat actor, the file contains more than 47K rows of order information as well as over 300K unique emails. The compromised data includes: First Name, Last Name, Email Address, Phone Number, Date Created, Currency, Total Amount, Promo Code, Payment Status, Payment Method, Delivery Status, Quantity, Price, etc.

  • Sep 22, 2024

    • exclusive
    • Liquid Blood
    • Народная Cyberармия

    People's CyberArmy and Liquid Blood have announced alliance

    In a Telegram post by People's CyberArmy (Russian: Народная CyberАрмия) they announce: "Today we have entered into an alliance with a young but extremely promising team - Liquid Blood. We hope for long and fruitful cooperation." Both are pro-Russian hacktivist groups.

  • Sep 22, 2024

    • exclusive
    • Liquid Blood
    • Noname

    NoName and Liquid Blood have announced a new alliance.

    On their Telegram channel they posted: "The enemy is not slumbering - that's why we must build up our collective cyber fist to fight back the banderites and other evil!" Both groups are known for their pro-Russian activities; they have recently been targeting Ukraine, Taiwan, Sweden, France, the UK, South Korea, Australia, and Kenya.

  • Sep 22, 2024

    • Ukraine
    • Europe
    • Government
    • exclusive
    • Ukraine Ministry Of Justice
    • I2Ptard

    Email data for the Ministry of Justice of Ukraine offered for sale

    A post by the threat actor i2ptard on onniforums offers access to email data belonging to Ukraine's Ministry of Justice (mail.minjust.gov.ua). The seller claims the email address follows a specific format based on location and department codes and that the account holds a significant number of files, such as Word documents (docx), PDFs, and some database files (mdb). The account is offered for sale at 1 Monero (XMR), with the TA willing to use escrow for the transaction and to provide proof of access by sending an email from the compromised account.

  • Sep 20, 2024

    • Philippines Department Of Foreign Affairs (Dfa)
    • Government
    • Philippines
    • breach

    Alleged Breach on Personal Data of 28 Million Philippine Passport Holders

    The Department of Foreign Affairs (DFA) in the Philippines revealed that the personal data of 28 million passport holders may be compromised due to the national printing office's failure to implement sufficient cybersecurity protections. This issue came to light during a Senate hearing, raising concerns about the security of sensitive information. The DFA is now working to address these vulnerabilities to protect the data of passport holders moving forward.

  • Sep 20, 2024

    • South-Eastern Asia
    • breach
    • Deathnote Hackers
    • Government
    • Government Service Insurance System (Gsis)
    • Philippines
    • Deathnote Hackers - Government Service Insurance System (Gsis) - Breach / Defacement - 2024-09-12
    • Asia

    Government Service Insurance System (GSIS) Breach by DeathNote Hackers

    On September 12, 2024, DeathNote Hackers revealed that they breached the Government Service Insurance System (GSIS), accessing its system using an administrator account without detection. They manipulated modules and apps, pointing out that the IT department failed to notice any red flags. This highlights serious vulnerabilities in GSIS's security and monitoring systems. The hackers warned that if this had been a malicious attack, the damage could have been significant. They emphasized the importance of addressing these security gaps to prevent future exploitation, especially from more dangerous actors. The incident calls for an urgent review of GSIS's cybersecurity defenses.

  • Sep 19, 2024

    • Israeli Industrial Batteries
    • Israel
    • Asia
    • Middle East
    • Handala

    'Handala' Claims Breach of Israeli Producer of Industrial Batteries 'IIB'

    The hacker group 'Handala' claims to have breached 'IIB' (Israeli Industrial Batteries), a producer of industrial batteries, as part of their OPIsrael campaign. According to the group, they obtained 6 TB of sensitive data, including emails, financial and administrative documents, design files, and more, though no samples have been provided yet.

  • Sep 19, 2024

    • Israel
    • Asia
    • Middle East
    • Vidisco X-Ray
    • Handala

    'Handala' Claims Breach of Israeli Defense and Space Manufacturer 'Vidisco X-ray'

    The hacker group 'Handala' claims to have breached the Israeli defense and space manufacturer 'Vidisco X-ray,' which they allege collaborates with the Israeli Ministry of Defense, as part of their OPIsrael campaign. According to the group, they obtained 10 GB of confidential company information, including design and development documents. They have also released samples of the purportedly breached data.

  • Sep 18, 2024

    • Mimichan
    • Club Atlético Vélez Sarsfield
    • Argentina
    • Latin America And The Caribbean

    Database of Velez Sarsfield Club members for sale

    The threat actor MimiChan is offering for sale on the cyber crime forum known as "BreachForums" a database of over 180K members of the football club Club Atletico Velez Sarsfield. According to the threat actor, the database includes personal information such as member status, ID, alias, full name, address, phone, CUIT, picture, etc. A sample with potential proof of access was also shown. No specific selling price was posted.

  • Sep 18, 2024

    • Asia
    • Bharat Petroleum
    • India
    • Energy
    • Southern Asia
    • Sorb

    A Threat Actor Claims To Have Breached Fortune 500 Company Bharat Petroleum

    On September 3, 2024, the threat actor "Sorb" claimed to have breached Bharat Petroleum, a service for purchasing and delivering bottled gas. According to the threat actor, the dataset comprises 592 CSV tables totaling 143 gigabytes, with the main orders table containing 148 million rows, including 21 million unique entries. The compromised data includes personal information such as phone numbers, names, delivery addresses, and additional details related to delivery, payment, and order lists. The data is being offered for $1,500.

  • Sep 17, 2024

    • United States
    • Temu
    • Aerodactyl
    • Retail
    • North America

    Threat Actor Claims To Have Breached Temu And To Have Stolen 87 million Records

    On September 16, 2024, the threat actor "Aerodactyl" announced that a database from the company Temu is up for sale. According to the threat actor, this database, which was accessed via a subdomain, contains over 87 million lines of data. The sample provided includes various personal details such as names, addresses, phone numbers, and more.

  • Sep 17, 2024

    • Chunghwa Telecom
    • N1K7
    • Asia
    • 303
    • Eastern Asia
    • Telecommunications
    • Taiwan

    Threat Actors Claim To Have Breached Taiwan's Biggest Telecommunications Company - Chunghwa Telecom

    In September 2024, the threat actors "303" and "N1k7" claimed to have breached Chunghwa Telecom, a Taiwan-based telecommunications company, and to have gained access to its database. According to the threat actors, 400GB of data belonging to Chunghwa Telecom's customers, including sensitive information and documents, was taken.

  • Sep 16, 2024

    • United States
    • Manufacturing
    • Caterpillar
    • North America
    • Zerosevengroup

    Threat Actors Claim To Have Exfiltrated 80 GB Of Data Belonging To Caterpillar

    In September 2024, the threat actor group ZeroSevenGroup claimed to have breached CAT (Caterpillar Inc.), alleging the theft and release of 80GB of data. This purportedly includes sensitive information such as projects, employee and customer details, financial records, engine and machinery designs, and email communications.

  • Sep 15, 2024

    • Government
    • Israel
    • Asia
    • Middle East
    • Zerosevengroup

    Database of Israeli Defense Companies Offered for Sale on a Cyber Crime Forum

    The threat actor group "ZeroSevenGroup" offers for sale a database allegedly related to several Israeli companies from the defense sector. According to the group, the database contains confidential governmental information, such as contracts from secret meetings with governments and companies, reports on organizations purportedly tied to Israel, and sensitive data on diplomatic and military relations, defense technologies, airports, ports, etc. The database is priced at 200K XMR (Monero) and is allegedly being offered exclusively to eight entities: Hamas, Hezbollah, the Houthis, the Iranian government, Kata'ib Hizballah, the Russian government, the North Korean government, and the Chinese government.

  • Sep 15, 2024

    • Manufacturing
    • Zerosevengroup
    • Kale Savunma

    Threat Actors Claim Breach Of Turkish Defense Contractor Kale Savunma

    On September 14, 2024, the threat actor group “ZeroSevenGroup” announced the sale of a comprehensive data dump from KALE SAVUNMA, a Turkish defense and space manufacturing company. The breach reportedly includes 70 GB of sensitive information, such as backups, database contents, project details, manufacturing designs, and personal data of employees, customers, and partners. Additional exposed data encompasses research, agreements, financial details, applications, photos, IDs, and system schematics. The leak also contains confidential data related to major Turkish defense companies including Aselsan, Havelsan, and Roketsan.

  • Sep 12, 2024

    • Business Services
    • Sacara
    • Israel
    • Asia
    • Middle East
    • 888

    A Threat Actor claims to have breached Israeli-based Sacara

    In September 2024, a threat actor named 888 claimed to have breached Sacara and to have gained access to its database. According to the threat actor, nearly 700 thousand rows of user data belonging to Sacara's customers were taken, including club codes, customer names, addresses, phone numbers, dates of birth, and email addresses.

  • Sep 12, 2024

    • Business Services
    • Intelbroker
    • United States
    • Rapid E - Suite
    • North America

    IntelBroker Claims To Have Breached Rapid E-Suite, Stealing Entirety Of Its Source Code

    In September 2024, a threat actor named intelbroker claimed to have breached Rapid E-Suite and to have gained access to its database. According to the threat actor, the entire source code, along with PDFs and hardcoded credentials belonging to rapidesuite's customers, was taken.

  • Sep 11, 2024

    • Cultura
    • Europe
    • France
    • Western Europe
    • Horrormar44

    Database of 'Cultura' Offered for Sale on a Cyber Crime Forum

    The French retailer Cultura fell victim to a data breach in which threat actors gained access to a portion of its customer information. The hacker, known as 'horrormar44,' claims to have obtained over 2 million records containing sensitive details such as email addresses, phone numbers, home addresses, and more. The threat actor has also provided samples of the stolen data, along with a Telegram contact for further inquiries.

  • Sep 11, 2024

    • Europe
    • France
    • Western Europe
    • Truffaut
    • Horrormar44

    Database of 'Truffaut' Offered for Sale on a Cyber Crime Forum

    The French company 'Truffaut' has fallen victim to a data breach, where threat actors gained access to a portion of its customer information. The hacker, known as 'horrormar44', claims to have obtained over 270,000 records containing sensitive details such as email addresses, phone numbers, home addresses, and more. The threat actor has also provided samples of the stolen data and shared a Telegram contact for further inquiries.

  • Sep 10, 2024

    • G0Dhand
    • Latin America And The Caribbean
    • Government
    • exclusive
    • Argentina

    Database of the Government of Godoy Cruz, Argentina exposed

    The threat actor **GODHAND** posted on the cybercrime forum known as "BreachForums" a database related to the "Obras Particulares of Godoy Cruz, Argentina government", mainly concerning architecture, construction, and fire prevention plans. According to the threat actor, the information contains multiple plans from different private buildings with electrical, fire prevention, and architectural details, as well as JSON API responses containing emails and user details. Furthermore, they claim to have additional internal files and documents that can be negotiated via PM.

  • Sep 10, 2024

    • South-Eastern Asia
    • breach
    • Deathnote Hackers
    • Philippines
    • Mptc - Breach - 2024-09-07
    • Metro Pacific Tollways
    • Transportation

    Metro Pacific Tollways Corporation's EasyTrip RFID Systems Breached by DeathNote Hackers

    On September 07, 2024, the DeathNote Hackers announced via their official channels that they have breached Metro Pacific Tollways Corporation's (MPTC) EasyTrip RFID systems. Nearly 1 million (~972,848) EasyTrip records were impacted by this breach, including customers' reloading balances, pre-loaded toll accounts, reload transactions, toll card insertion logs, successful and invalid adjustment activities, API logs, OBUID Numbers, Exit Plaza Names, RFID Numbers, Support Numbers, TID, EPC, Plate Numbers, Account Numbers, Customer Names, Ref Numbers, Balance Amounts, Email logs, Extension logs, General logs, Service Action logs, Mobile Request logs, Integration logs, Screen logs, Timer logs, Credentials, and Active Directory Configurations. As Philippine tollway corporations slowly migrate to 100% contactless payment and toll access using RFIDs, this data breach could highly impact EasyTrip customers. Threat actors could use the exposed customer data to conduct malicious campaigns and social engineering attacks.

  • Sep 09, 2024

    • Akira
    • Europe
    • United Kingdom
    • Sonicwall
    • Cve-2024-40766
    • CVE-2024-40766

    Akira Ransomware Group exploited SonicWall SSLVPN access control flaw in their attacks

    SonicWall has issued a warning that a recently patched access control vulnerability, tracked as CVE-2024-40766, is potentially being exploited in the wild. It urges administrators to apply the necessary updates immediately. The flaw, with a critical CVSS score of 9.3, affects SonicWall Firewall Gen 5, Gen 6, and Gen 7 devices. It allows unauthorized access to resources and potentially crashes the firewall, thus compromising network protections. Initially disclosed in August 2024, the flaw was believed to impact only SonicOS management access, but SonicWall has since confirmed that it also affects the firewall’s SSLVPN feature. The company advises administrators to limit firewall management to trusted sources, restrict SSLVPN access, and implement multi-factor authentication (MFA). Reports suggest that the Akira ransomware group is among the attackers exploiting this vulnerability. SonicWall emphasizes the importance of applying patches promptly to protect against these ongoing threats.

  • Sep 09, 2024

    • Eastern Asia
    • South Korea
    • Asia
    • Spyagent

    New Android SpyAgent Malware Steals Crypto Wallet Recovery Keys

    Android users in South Korea have become the target of a new malware campaign distributing a threat called SpyAgent. This malware, according to McAfee Labs, scans devices for images containing mnemonic keys, which are recovery phrases used to access cryptocurrency wallets. The campaign has expanded beyond South Korea, now affecting users in the U.K. as well. SpyAgent spreads through fake Android apps disguised as legitimate banking, government, streaming, and utility apps, with over 280 such apps detected this year. Users are tricked into downloading the malware via SMS messages containing links to APK files hosted on deceptive websites. Once installed, SpyAgent requests intrusive permissions to access sensitive data like contacts, photos, SMS messages, and other device information. The malware’s key feature is its use of optical character recognition (OCR) to steal mnemonic keys, potentially giving attackers access to victims' cryptocurrency wallets. McAfee Labs also discovered significant security lapses in the malware's command-and-control (C2) infrastructure, including an exposed server hosting victim data and an admin panel for remotely controlling infected devices. Moreover, the malware has shifted its communication method from HTTP to WebSocket connections, making it harder to detect by traditional network monitoring tools.

  • Sep 08, 2024

    • Thailand
    • South-Eastern Asia
    • Tourism
    • Tourism Authority Of Thailand
    • Asia

    ASD3312 - Tourism Authority of Thailand - 06-09-2024

    On September 6th, a threat actor named "ASD3312" posted regarding a data breach on Breachforums targeting "Polri" - The Tourism Authority of Thailand. The breach contains personal information of Tourism Authority of Thailand customers such as Name, Phone Number, Address, Destination, Planned Duration, Accommodation and more.

  • Sep 08, 2024

    • Everest
    • Chemicals And Allied Products
    • Mitsubishi Chemical Group
    • Asia
    • Manufacturing
    • Japan
    • Eastern Asia

    Everest Ransomware Group has allegedly attacked Mitsubishi Chemical Group - 2024-08-31

    Everest Ransomware group has claimed to have attacked Mitsubishi Chemical Group, a chemical manufacturing company based in Tokyo, Japan. The group claims to have gained access to 6TB of organizational data and offers it for sale.

  • Sep 08, 2024

    • South-Eastern Asia
    • Government
    • Asia
    • Indonesia
    • Indonesian National Police

    EagleCyber--74 - Polri (Indonesian National Police) - 05-09-2024

    On September 5th, a threat actor named "EagleCyber--74" posted regarding a data breach on Breachforums targeting "Polri" - The Indonesian National Police. The breach contains personal information of Polri employees, including ID numbers, rank, first and last names, position, unit, address, phone number, and more.

  • Sep 08, 2024

    • Vkontakte
    • exclusive
    • Russia
    • Hikkl-Chan
    • Vk - Breach - 2024-09-02

    Database of VK is offered for sale

    The threat actor Hikkl-Chan is offering the database for download on Breached Forums. VKontakte (VK), one of Russia's largest social networking platforms, allegedly suffered a significant data breach, exposing personal information belonging to hundreds of millions of users. The leaked data includes user IDs, names, surnames, gender, profile images, countries, and cities. The database, containing 390,425,718 records, is available as a 27.66GB uncompressed file (7.04GB compressed).

  • Sep 08, 2024

    • Elmi Elettromeccanica
    • Manufacturing
    • exclusive
    • Cybervolk.
    • Italy

    Pro-Russian Hacktivist Group CyberVolk Claims Infiltration of Elmi Elettromeccanica

    The pro-Russian hacktivist group CyberVolk has claimed responsibility for an alleged infiltration of Elmi Elettromeccanica, an Italian company. In a recent post, the group stated that they had "examined" the company's systems, describing the results as “usual.” The message, shared on their Telegram channel, included a link to the company’s website and was tagged with hashtags like #OpItaly and #Global, suggesting a continued focus on Italian targets.

  • Sep 05, 2024

    • South-Eastern Asia
    • breach
    • Makati Medical Center
    • Government
    • Philippines
    • Wypoondevx
    • Makati Government
    • University Of Makati

    City of Makati - Under Cyber-Attack by "wypoondevx"

    This week, the City of Makati, Philippines experienced multiple cyber-attacks conducted by a threat actor - wypoondevx. The breaches occurred in different sectors within Makati City, namely the Makati Government (makati.gov.ph), Makati Medical Center, and University of Makati. The threat actor is relatively new to the Philippine threat landscape, having started conducting cyber-attacks in May 2024, following the recent April Lulz campaign. He initially used the alias "executivedevx" and later changed it to "wypoondevx." As observed from his nefarious activities, he mainly targets organizations located in Makati City. In June 2024, he attacked Toyota Makati Philippines (TMP), which exposed sensitive customer information.

  • Sep 03, 2024

    • Presidential Communications Office
    • South-Eastern Asia
    • hacktivist
    • Philippines Exodus Security
    • Philippines
    • Denial Of Service
    • Ghost Exodus Ph

    The Comeback of Philippines Exodus Security (PHEDSS) Gang

    In June 2024, a Philippine threat group — Philippines Exodus Security — announced the end of its operations. They were behind the Denial-of-Service attacks targeting local banks and government organizations during the "April Lulz 2024" campaign in the Philippines. On September 01, 2024, their botnet, known as "Exodus," came back online. Their comeback was announced on their official Telegram channel, and they started by attacking the Presidential Communications Office (pco.gov.ph). One of their administrators — Ghost Exodus PH (a.k.a. GhostXPH) — has mentioned that new configurations were added to their botnet tool, namely: Rossetta_SKY, Volcano_V3, and ZMB_POWER.

  • Aug 29, 2024

    • Appletec Ltd
    • Israel
    • Asia
    • Middle East
    • Handala

    'Handala' Hacker Group Claims Breach to Israeli Company 'Appletec Ltd'

    The 'Handala' hacker group claims to have breached the Israeli company 'Appletec Ltd,' a distributor of electronics, optical components, and value-added services for the communications, industrial/medical, and defense sectors. The group alleges they have acquired 7 TB of confidential company data, including emails, financial and administrative documents, personnel information, and more. No samples have been released so far, but 'Handala' has stated their intention to release the full alleged stolen data soon.

  • Aug 29, 2024

    • Europe
    • Government
    • United Kingdom
    • exclusive
    • Bae Systems
    • Just Evil

    Sensitive Military Data of BAE Systems Allegedly for Sale by Just Evil

    A recent post on the Telegram channel "Just Evil" claims to offer highly sensitive data for sale, allegedly stolen from the British multinational defense, security, and aerospace company BAE Systems. The post, written in Russian, advertises "leaky engineering project files" totaling over 150 GB of data. The data reportedly includes comprehensive details on military airfield projects, covering everything from radar systems and air defense to the layouts of facilities, including bathroom dimensions.

  • Aug 29, 2024

    • Latin America And The Caribbean
    • Rappi
    • exclusive
    • Colombia
    • Satanic
    • Automotive
    • Brazil

    Rappi Database Full Database for Download

    The threat actor **Satanic** posted on Breachforums three databases for download related to a potential July breach of the Latin American company Rappi as well as its subsidiaries Rappi Carga and Rappi Pay. According to the threat actor, the databases contain customers' information, including names, physical and email addresses, phone numbers, payment and financial information, contracts, etc.

  • Aug 28, 2024

    • South-Eastern Asia
    • breach
    • Government
    • Philippines
    • Grep
    • Legal Services
    • Supreme Court Philippines - Breach - 2024-08-27
    • Supreme Court Of The Philippines

    Data Breach on Supreme Court of the Philippines Exposing Sensitive Legal Information

    On August 27, 2024, a threat actor named "grep" posted in BreachForums information about a data breach on the Supreme Court of the Philippines. The breach has impacted around ~13,000 rows of sensitive data, which contain Assessment Numbers of legal cases and applications, Full Names of individuals involved in the legal cases, Case Categories and Types, Date Filed, Payment Date, and Payment Status.

  • Aug 28, 2024

    • Healthcare
    • South-Eastern Asia
    • breach
    • Deathnote Hackers
    • Philippines
    • Ospital Ng Makati
    • Slashie

    Alleged Data Breach on Vaccine Records from Ospital ng Makati Affecting 19,000 Individuals

    Recently, one of the DeathNote Hackers members - Slashie - shared information that he had breached Ospital ng Makati (OSMAK) - located in the Philippines - which impacted the vaccine records of 19,000 individuals. According to the threat actor, they infiltrated the hospital's system by exploiting a vulnerability. The threat actor has not yet posted the data publicly; they claim they only want to disclose the breach so that the hospital can take immediate action to secure its systems. The exposed information includes vaccine type, vaccination dates, full names of the individuals, and the location of the vaccination site.

  • Aug 26, 2024

    • Europe
    • Islamic Republic Of Iran
    • United States
    • United Kingdom
    • Spear Phishing
    • Israel
    • Asia
    • Middle East
    • Southern Asia
    • North America
    • Apt42

    Meta Exposes Iranian Threat Actors Targeting Global Political Figures on WhatsApp

    Meta Platforms revealed on Friday that it had uncovered the activities of an Iranian state-sponsored threat actor, known as APT42 or Charming Kitten, using a small cluster of WhatsApp accounts to target individuals in Israel, Palestine, Iran, the U.K., and the U.S. The targets included political and diplomatic figures, some of whom were linked to the Biden and Trump administrations. APT42, linked to Iran’s Islamic Revolutionary Guard Corps (IRGC), is notorious for its sophisticated social engineering tactics aimed at stealing credentials through spear-phishing. The WhatsApp accounts, which posed as technical support from companies like AOL and Google, were blocked by Meta after being detected. This revelation aligns with broader concerns about Iran’s efforts to undermine U.S. elections and sow division within the American public.

  • Aug 26, 2024

    • exclusive
    • Government
    • Turkey
    • Zerosevengroup

    Breach Forums Listing by ZeroSevenGroup Offers Access to Turkish Defense Firm

    A new listing by the threat actor ZeroSevenGroup on Breach Forums offers full access to a defense and space manufacturing company in Turkey. The access, which includes Command and Control (C2) capabilities, shell access, and administrator privileges, is being sold for $20,000, though the price is negotiable. The listing indicates that the compromised network consists of 125 devices, with domain admin access available. Interested buyers are instructed to contact the seller via private message.

  • Aug 26, 2024

    • exclusive
    • Energy
    • Zerosevengroup
    • Brazil

    XSS Forum Listing by ZeroSevenGroup Sells Access to Brazilian Energy Firm

    A post by the TA ZeroSevenGroup on XSS forum is advertising full network access to a Brazilian company in the electricity, oil, and gas industries. The company, which has reported revenue of $5.3 million, is being offered for sale with claimed administrator-level access and Command and Control (C2) capabilities. The asking price is $10,000, and the seller is willing to work with a guarantor to facilitate the transaction.

  • Aug 22, 2024

    • United States
    • Telecommunications
    • Virgin Mobile Latam
    • 576
    • North America

    Virgin Mobile - Breach - 2024-08-21

    On August 21, 2024, the threat actor "576" disclosed a massive data breach involving Virgin Mobile LATAM. The breach exposed over 1.7 TB of data from the Mexico, Colombia, and Chile branches. The leaked data includes user and employee information, payment records, CDR data, SIM card details, and subscriber IDs. Additionally, the threat actor offers domain administrator access to approximately 700 hosts, SSH keys, and AWS keys. Sample files include a database with 1.1 million lines detailing user credentials and other sensitive information. In addition, it seems some of the company's domains have been taken down in the process.

  • Aug 21, 2024

    • South-Eastern Asia
    • 🇮🇩 Z-Bl4Cx-H4T 🇮🇩
    • Government
    • Philippines
    • Philippines' Civil Service Commission

    Credentials Associated with Philippines' Civil Service Commission Web-based Portal Leaked Publicly

    On August 12, 2024, an Indonesian threat group — Z-BL4CX-H4T — consolidated several exposed credentials associated with the Philippines' Civil Service Commission and posted them on their Telegram channel. Based on Cyberint's sources, the credentials were highly likely exposed through infostealer malware infections on devices where Civil Service Commission credentials had been used or stored. The affected credentials are part of "ighrs.csc.gov.ph."

  • Aug 21, 2024

    • Healthcare
    • South-Eastern Asia
    • breach
    • Philippines
    • Chinese General Hospital And Medical Center

    Alleged Data Breach on Chinese General Hospital and Medical Center

    On August 20, 2024, a threat actor — MaPaDedSec — posted data breach information in BreachForums targeting Chinese General Hospital and Medical Center located in the Philippines. It is one of the oldest hospitals in the Philippines, founded during the Spanish occupation of the country with donations from Chinese immigrants. The threat actor has joined BreachForums recently (August 2024) and this breach is his/her only post in the said underground forum. According to the threat actor and the sample data provided, the exfiltrated data contained sensitive information related to Chinese/Filipino doctors and patients in the said hospital. The threat actor has not shared an exposed data count, just sample data that includes information on sixty-five (65) doctors/patients.

  • Aug 21, 2024

    • South-Eastern Asia
    • breach
    • Deathnote Hackers
    • Philippines
    • Senate Of The Philippines
    • Deathnote Hackers - Senate Of The Philippines - Breach - 2024-08-20

    Philippine-based Threat Group - DeathNote Hackers - Gained Unauthorized Access to Senate of the Philippines' Web-based Portal and SharePoint Site

    On August 20, 2024, DeathNote Hackers posted on their Telegram channel and Facebook page that they had gained access to the Senate of the Philippines' SSL VPN Web Portal. This incident was led by the current DeathNote Hackers leader - Klammer. Gaining unauthorized access to the portal led to exposure of the Senate Legislative Information System and SharePoint Site, which includes Business Sessions documents, Legislative Calendars, Statistical Data on Bills, Senate Agendas, and more. The unauthorized access to the web-based portal highly likely occurred due to the use of weak credentials, as observed by Cyberint. Based on Cyberint's sources, this credential has been exposed in several malware log dumps.

  • Aug 19, 2024

    • Europe
    • France
    • United Kingdom
    • Switzerland
    • exclusive
    • Xyloenn
    • Austria
    • Italy
    • Spain
    • Finance

    European KYC Data Offered For Sale

    The threat actor xyloen on Breached Forums is offering 165,750 records totaling 185 GB, sourced from various European e-commerce platforms. The data, claimed to have been collected just one month ago, includes personal information from multiple countries, with the largest volumes coming from France (37,220 records), Italy (23,115 records), and Spain (18,965 records). Other affected nations include Germany, the United Kingdom, and several others across Europe. The seller is offering the data for $1,100, accepting cryptocurrency payments, and limiting the sale to just three buyers. Interested parties are directed to contact the seller via Telegram for further details. Proof of data is available upon request.

  • Aug 19, 2024

    • South-Eastern Asia
    • Lotte Mart
    • Food Stores
    • Asia
    • Indonesia
    • Agreindex
    • Food And Kindred Products
    • Retail

    Indonesia data of Lotte Mart is offered for sale on a deep-web forum

    A deep-web forum user, agreindex, is offering for sale Lotte Mart Indonesia's full database, including clients, orders, and payment details. In addition, the user includes samples of the data offered for sale.
