
dark web | Breaking Cybersecurity News | The Hacker News

U.S. Seizes Over 50K Bitcoin Worth $3.3 Billion Linked to Silk Road Dark Web
Nov 08, 2022
The U.S. Department of Justice (DoJ) on Monday said it seized 50,676 Bitcoin in November 2021 that was stolen in the 2012 hack of the now-defunct Silk Road dark web marketplace. The bitcoin, which was obtained in 2012 and valued at $3.36 billion when it was discovered last year, is now worth $1.04 billion. Additionally recovered were $661,900 in cash, 25 Casascius coins with an approximate value of 174 Bitcoin, and gold- and silver-colored bars. It's also one of the largest cryptocurrency seizures to date, followed by the confiscation of $3.6 billion worth of bitcoin earlier this February tied to the 2016 breach of the Bitfinex crypto exchange. The Justice Department said it conducted the seizure on November 9, 2021, pursuant to a search warrant issued to James Zhong's house located in the U.S. state of Georgia. It also said the keys to the tokens were found in an underground floor safe and on a "single-board computer that was submerged under blankets in a popcorn t

British Hacker Charged for Operating "The Real Deal" Dark Web Marketplace
Oct 27, 2022
A 34-year-old U.K. national has been arraigned in the U.S. for operating a dark web marketplace called The Real Deal that specialized in the sales of hacking tools and stolen login credentials. Daniel Kaye, who went by a litany of pseudonyms Popopret, Bestbuy, UserL0ser, and Spdrman, has been charged with five counts of access device fraud and one count of money laundering conspiracy. Kaye was indicted in April 2021, and subsequently consented to his extradition from Cyprus to the U.S. in September 2022. "While living overseas, this defendant allegedly operated an illegal website that made hacking tools and login credentials available for purchase, including those for U.S. government agencies," said U.S. Attorney Ryan K. Buchanan. Court documents show that The Real Deal, until its shutdown in 2016, functioned as a market for illicit items, including stolen account logins for U.S. government computers, bank accounts, and social media platforms such as Twitter and

Why Ransomware in Education on the Rise and What That Means for 2023
Oct 24, 2022
The breach of LA Unified School District (LAUSD) highlights the prevalence of password vulnerabilities, as criminal hackers continue to use breached credentials in increasingly frequent ransomware attacks on education. The Labor Day weekend breach of LAUSD brought significant districtwide disruptions to access to email, computers, and applications. It's unclear what student or employee data the attackers exfiltrated. There is a significant trend in ransomware breaches in education, a highly vulnerable sector. The transitory nature of students leaves accounts and passwords vulnerable. The open environments schools create to foster student exploration and the relative naivete in the sector regarding cybersecurity invite attacks. The breach at LAUSD and what happened afterward: Four days post-breach, reports came that criminals had offered credentials for accounts inside the school district's network for sale on the dark web months before the attack. The stolen credential

Hackers Aid Protests Against Iranian Government with Proxies, Leaks and Hacks
Sep 29, 2022
Several hacktivist groups are using Telegram and other tools to aid anti-government protests in Iran to bypass regime censorship restrictions amid ongoing unrest in the country following the death of Mahsa Amini in custody. "Key activities are data leaking and selling, including officials' phone numbers and emails, and maps of sensitive locations," Israeli cybersecurity firm Check Point said in a new report. The company said it has also witnessed sharing of proxies and open VPN servers to get around censorship and reports on the internet status in the country, with one group helping the anti-government demonstrators access social media sites. Chief among them is a Telegram channel called Official Atlas Intelligence Group (AIG) that's primarily focused on publishing data associated with government officials as well as maps of prominent locations. Calling itself the "CyberArmy," the group is said to have commenced its operations in May and has also

Authorities Shut Down WT1SHOP Site for Selling Stolen Credentials and Credit Cards
Sep 07, 2022
An international law enforcement operation has resulted in the dismantling of WT1SHOP, an online criminal marketplace that specialized in the sales of stolen login credentials and other personal information. The seizure was orchestrated by Portuguese authorities, with U.S. officials taking control of four domains used by the website: "wt1shop[.]net," "wt1store[.]cc," "wt1store[.]com," and "wt1store[.]net." The website peddled over 5.85 million records of personally identifying information (PII), including approximately 25,000 scanned driver's licenses/passports, 1.7 million login credentials for various online shops, 108,000 bank accounts, and 21,800 credit cards, the U.S. Justice Department (DoJ) said. The DoJ also unveiled a criminal complaint against Nicolai Colesnicov, accusing the 36-year-old individual from the Republic of Moldova of running the marketplace. Colesnicov has been charged with conspiracy and with trafficking in un

FBI Warns About Hackers Selling VPN Credentials for U.S. College Networks
May 30, 2022
Network credentials and virtual private network (VPN) access for colleges and universities based in the U.S. are being advertised for sale on underground and public criminal marketplaces. "This exposure of sensitive credential and network access information, especially privileged user accounts, could lead to subsequent cyber attacks against individual users or affiliated organizations," the U.S. Federal Bureau of Investigation (FBI) said in an advisory published last week. The cyber intrusions against educational institutions involve threat actors leveraging tactics like spear-phishing and ransomware to carry out credential harvesting activities. The gathered credentials are then exfiltrated and sold on Russian cybercrime forums for prices ranging from a few to thousands of U.S. dollars. Armed with this login information, the agency pointed out, adversaries can proceed to conduct brute-force credential stuffing attacks to break into victim accounts spanning different

Russian Conti Ransomware Gang Threatens to Overthrow New Costa Rican Government
May 18, 2022
The notorious Conti ransomware gang, which last month staged an attack on Costa Rican administrative systems, has threatened to "overthrow" the new government of the country. "We are determined to overthrow the government by means of a cyber attack, we have already shown you all the strength and power," the group said on its official website. "We have our insiders in your government. We are also working on gaining access to your other systems, you have no other options but to pay us." In a further attempt to increase pressure, the Russian-speaking cybercrime syndicate has raised its ransom demand to $20 million in return for a decryption key to unlock their systems. Another message posted on its dark web portal over the weekend issued a warning stating it will delete the decryption keys in a week, a move that would make it impossible for Costa Rica to recover access to the files encrypted by the ransomware. "I appeal to every resident of Costa R

Russia Cracks Down on 4 Dark Web Marketplaces for Stolen Credit Cards
Feb 10, 2022
A special law enforcement operation undertaken by Russia has led to the seizure and shutdown of four online bazaars that specialized in the theft and sales of stolen credit cards, as the government continues to take active measures against harboring cybercriminals on its territory. To that end, the domains operated by the card fraud forums and marketplaces, Ferum Shop, Sky-Fraud, Trump's Dumps, and UAS, were confiscated and plastered with a banner that warned "theft of funds from bank cards is illegal." Also embedded into the HTML source code was a message asking, "Which one of you is next?" The seizures were orchestrated by the Department "K," a division of the Ministry of Internal Affairs of the Russian Federation that focuses primarily on information technology-related crimes, according to Flashpoint. In a related development, state-owned news agency TASS said that six Russian individuals were being charged with "the illegal circulation o

DeepDotWeb News Site Operator Sentenced to 8 Years for Money Laundering
Jan 31, 2022
An Israeli national was sentenced to 97 months in prison in connection with operating the DeepDotWeb (DDW) clearnet website, nearly a year after the individual pleaded guilty to the charges. Tal Prihar, 37, an Israeli citizen residing in Brazil, is said to have played the role of an administrator of DDW since the website became functional in October 2013. He pleaded guilty to money laundering charges in March 2021 and agreed to forfeit the illegally amassed profits. DDW, until its seizure in May 2019, ostensibly served as a "news" website that connected internet users with underground marketplaces on the dark web that operate via darknets such as Tor, enabling the purchase of illegal firearms, malware and hacking tools, stolen financial data, heroin, fentanyl, and other illicit materials. Prihar, acting in cahoots with co-defendant Michael Phan, 34, of Israel, provided direct links to illegal marketplaces and in return for advertising these links, reaped substantia

Dark Web's Largest Marketplace for Stolen Credit Cards is Shutting Down
Jan 17, 2022
UniCC, the biggest dark web marketplace for stolen credit and debit cards, has announced that it's shuttering its operations after earning $358 million in purchases since 2013 using cryptocurrencies such as Bitcoin, Litecoin, Ether, and Dash. "Don't build any conspiracy theories about us leaving," the anonymous operators of UniCC said in a farewell posted on dark web carding forums, according to blockchain analytics firm Elliptic. "It is [a] weighted decision, we are not young and our health do[es] not allow [us] to work like this any longer." The UniCC team also gave its users 10 days to spend their balances, while also warning customers to "not follow any fakes tied to our comeback." Platforms such as UniCC function as an underground marketplace wherein credit card details stolen from online retailers, banks, and payments companies by injecting malicious skimmers are trafficked in exchange for cryptocurrency. The cards are then used by crim

REvil Ransomware Gang Mysteriously Disappears After High-Profile Attacks
Jul 14, 2021
REvil, the infamous ransomware cartel behind some of the biggest cyberattacks targeting JBS and Kaseya, has mysteriously disappeared from the dark web, leading to speculations that the criminal enterprise may have been taken down. Multiple darknet and clearnet sites maintained by the Russia-linked cybercrime syndicate, including the data leak, extortion, and payment portals, remained inaccessible, displaying an error message "Onionsite not found." The group's Tor network infrastructure on the dark web consists of one data leak blog site and 22 data hosting sites. It's not immediately clear what prompted the infrastructure to be knocked offline. REvil is one of the most prolific ransomware-as-a-service (RaaS) groups that first appeared on the threat landscape in April 2019. It's an evolution of the GandCrab ransomware, which hit the underground markets in early 2018. "If REvil has been permanently disrupted, it'll mark the end of a group which ha

Dark Web Getting Loaded With Bogus Covid-19 Vaccines and Forged Cards
May 13, 2021
Bogus COVID-19 test results, fraudulent vaccination cards, and questionable vaccines are emerging as a hot commodity on the dark web in what's the latest in a long list of cybercrimes capitalizing on the coronavirus pandemic. "A new and troubling phenomenon is that consumers are buying COVID-19 vaccines on the black market due to the increased demand around the world," said Anne An, a senior security researcher at McAfee's Advanced Programs Group (APG). "As a result, illegal COVID-19 vaccines and vaccination records are in high demand on darknet marketplaces." The growing demand and the race towards achieving herd immunity means at least a dozen underground marketplaces are peddling COVID-19 related merchandise, with Pfizer-BioNTech vaccines purchasable for $500 per dose from top-selling vendors who rely on services like Wickr, Telegram, WhatsApp, and Gmail for advertising and communications. Darknet listings for the supposed vaccines are being sold

Over 25% Of Tor Exit Relays Spied On Users' Dark Web Activities
May 10, 2021
An unknown threat actor managed to control more than 27% of the entire Tor network exit capacity in early February 2021, a new study on the dark web infrastructure revealed. "The entity attacking Tor users is actively exploiting tor users since over a year and expanded the scale of their attacks to a new record level," an independent security researcher who goes by the name nusenu said in a write-up published on Sunday. "The average exit fraction this entity controlled was above 14% throughout the past 12 months." It's the latest in a series of efforts undertaken to bring to light malicious Tor activity perpetrated by the actor since December 2019. The attacks, which are said to have begun in January 2020, were first documented and exposed by the same researcher in August 2020. Tor is open-source software for enabling anonymous communication on the Internet. It obfuscates the source and destination of a web request by directing network traffic through

DeepDotWeb Admin Pleads Guilty to Money Laundering Charges
Apr 01, 2021
The U.S. Department of Justice (DoJ) on Wednesday said that an Israeli national pleaded guilty for his role as an "administrator" of a portal called DeepDotWeb (DDW), a "news" website that "served as a gateway to numerous dark web marketplaces." According to the unsealed court documents, Tal Prihar, 37, an Israeli citizen residing in Brazil, operated DDW alongside Michael Phan, 34, of Israel, starting October 2013, in return for which they received kickbacks from the operators of the marketplaces in the form of virtual currency amounting to 8,155 bitcoins (worth $8.4 million at the time of the transactions). In an attempt to conceal the illicit payments, Prihar is said to have transferred the money to other bitcoin accounts and to bank accounts under his control in the name of shell companies. "Tal Prihar served as a broker for illegal Darknet marketplaces — helping such marketplaces find customers for fentanyl, firearms, and other dangerous

Joker's Stash, The Largest Carding Marketplace, Announces Shutdown
Jan 16, 2021
Joker's Stash, the largest dark web marketplace notorious for selling compromised payment card data, has announced plans to shut down its operations on February 15, 2021. In a message board post on a Russian-language underground cybercrime forum, the operator of the site — who goes by the name "JokerStash" — said "it's time for us to leave forever" and that "we will never ever open again," according to twin reports from cybersecurity firms Gemini Advisory and Intel471. "Joker goes on a well-deserved retirement. Joker's Stash is closing," the post read. "When we opened years ago, nobody knew us. Today we are one of the largest cards/dumps marketplace[s]." The exact reason for the shut down is still unclear. Joker's Stash, since its origins in 2014, emerged as one of the biggest players in the underground payment card economy over the years, with over $1 billion generated in revenues. The news of the imminent sh

Authorities Take Down World's Largest Illegal Dark Web Marketplace
Jan 13, 2021
Europol on Tuesday said it shut down DarkMarket, the world's largest online marketplace for illicit goods, as part of an international operation involving Germany, Australia, Denmark, Moldova, Ukraine, the U.K.'s National Crime Agency (NCA), and the U.S. Federal Bureau of Investigation (FBI). At the time of closure, DarkMarket is believed to have had 500,000 users and more than 2,400 vendors, with over 320,000 transactions resulting in the transfer of more than 4,650 bitcoin and 12,800 monero — a sum total of €140 million ($170 million). The illegal internet market specialized in the sales of drugs, counterfeit money, stolen or forged credit card information, anonymous SIM cards, and off-the-shelf malware. In addition, the months-long intelligence operation also resulted in the arrest of a 34-year-old Australian national near the German-Danish border over the weekend, who is alleged to be the mastermind behind DarkMarket. According to The Guardian, DarkMarket came to

Report: 97% of Cybersecurity Companies Have Leaked Data on the Dark Web
Sep 15, 2020
In a new report into the global cybersecurity industry's exposure on the Dark Web this year, global application security company ImmuniWeb uncovered that 97% of leading cybersecurity companies have data leaks or other security incidents exposed on the Dark Web, while on average, there are over 4,000 stolen credentials and other sensitive data exposed per cybersecurity company. Even the cybersecurity industry itself is not immune to these problems, as demonstrated in ImmuniWeb's research. Key findings of the research relating to the leading global cybersecurity companies' exposure on the Dark Web included: 97% of companies have data leaks and other security incidents exposed on the Dark Web. 631,512 verified security incidents were found with over 25% (or 160,529) of those classed as a high or critical risk level containing highly sensitive information such as plaintext credentials or PII, including financial or similar data. Hence, on average, there a

A New Free Monitoring Tool to Measure Your Dark Web Exposure
May 28, 2020
Last week, application security company ImmuniWeb released a new free tool to monitor and measure an organization's exposure on the Dark Web. To improve the decision-making process for cybersecurity professionals, the free tool crawls Dark Web marketplaces, hacking forums, and Surface Web resources such as Pastebin or GitHub to provide you with a classified schema of your data being offered for sale or leaked. All you need to launch a Dark Web search is to enter your domain name. The volume of stolen credentials on the Dark Web is booming: This week, over 26 million user records, including plaintext passwords, stolen from LiveJournal appeared on a Dark Web marketplace for as low as $35. The present week is likewise sadly marked with a compromise of 31 SQL databases (with 1.6 million rows of client data) from webshop owners. There were 7,098 breaches reported in 2019, exposing over 15.1 billion records, a new worst year on record according to Risk Based Security report

5 Places Where Hackers Are Stealthily Stealing Your Data In 2019
Oct 31, 2019
Skyrocketing data breaches bring incalculable losses to organizations and can cost cybersecurity executives their jobs. Here we examine the top five places in 2019 where cybercriminals are stealing corporate and government data without ever getting noticed and then learn how to avoid falling victim to unscrupulous attackers. 1. Misconfigured Cloud Storage: 48% of all corporate data is stored in the cloud compared to 35% three years ago, according to a 2019 Global Cloud Security Study by cybersecurity company Thales that surveyed over 3,000 professionals across the globe. Contrastingly, only 32% of the organizations believe that protecting data in the cloud is their own responsibility, counting on cloud and IaaS providers to safeguard the data. Worse, 51% of the organizations do not use encryption or tokenization in the cloud. (ISC)² Cloud Security Report 2019 asserts that 64% of cybersecurity professionals perceive data loss and leakage as the biggest risk associated with the