iZOOlogic security researchers recently found unusual data leaks offered by a data trader on a notorious dark web forum, and a further set on an exclusive, membership-only forum. Several targeted breaches in different countries were observed; the most noteworthy are those affecting India.
Trader selling leaked passports, IDs and Personally Identifiable information
A trader is selling leaked passports, IDs, and personally identifiable information together with the owners' selfies. The whole dump is offered for 200k USD. He is also offering to sell the package by country, evidently for adversaries that target specific countries only, for as low as 25 to 60 USD per country. The countries affected by this post include South Africa, United Kingdom, Nigeria, Kenya, Pakistan, Europe…
Quoting the threat actor from the notorious forum:
“I recently dumped a cryptocurrency website’s database containing nearly 300Gb of documents (almost 200k files).
People in the dump are from many countries such as South Africa, United Kingdom, Nigeria, Kenya, Pakistan, Europe… Filenames are not explicit, so I need to manually open up the files to check information or see what kind of document it is. If you have an OCR scan tool you can do it automatically.
For each person there is at least an ID card (front and back) or driver's license or passport, and a selfie alone or holding the ID card. Some people have attached residential proof such as a tax invoice or bank statement.
The price for a single kit (ID card + invoice + selfie) depends on the country you want (between $25 and $60). If you wanna buy it in bulk or the whole dump (200k USD) we can talk about it in PM”
According to our analysis, the sample files we have seen can be used for identity theft. By falsifying documents from this material, threat actors can easily assume a victim's identity for a range of cybercrime activities.
India-specific dark web leak discovered!
As if it were not enough that the notorious forum has its own collection of leaked material, we found users who hold membership-based VIP access to database dumps that are more targeted and specific. The screenshot below shows the websites that were hacked. They may not be prominent in the business world, but private user data is exposed in this way, giving blackhats another avenue to add to their inventory of stolen information.
Wait! There is more. One of our researchers found a random dump that is a combo list. Combo lists are combined dumps drawn from different targeted, specific, and prominent corporate leaks. We analyzed one combo list that targets big banks in India and other countries in the Middle East and South Africa.
The file name was attributed to Streaming, Gaming, and Shopping activities, creating the impression that the contents would be irrelevant to banks and other significant corporations. Once we decided to analyze it, however, voila! Emails and passwords of corporate and random webmail users appeared.
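A defender-side way to triage a combo list like the one described above, as an added example that is not part of iZOOlogic's post: it parses the usual email:password lines (also the ";" variant), drops malformed and duplicate entries, counts entries per email domain, and flags entries whose domain is on a watchlist of monitored corporate domains. Only a SHA-256 fingerprint of each password is kept, so the triage report itself does not retain plaintext credentials. The sample lines and the watched domain are constructed for the example.

```python
import hashlib
import re
from collections import Counter

# Constructed sample combo-list lines (not real credentials): the usual
# "email:password" layout, a ";" variant, a duplicate, a malformed line,
# and a password that itself contains colons.
SAMPLE_COMBO = """\
alice@examplebank.in:Winter2021!
bob@examplebank.in;Summer2020
carol@webmail.example:hunter2
alice@examplebank.in:Winter2021!
this line has no separator
dave@shop.example:p4ss:with:colons
"""

# Hypothetical monitored domains; a real deployment would load the
# organisation's own domains here.
WATCHED_DOMAINS = {"examplebank.in"}

# Loose email shape check; separators are excluded so a bad split is rejected.
EMAIL_RE = re.compile(r"^[^@\s:;]+@[^@\s:;]+\.[^@\s:;]+$")


def parse_combo_line(line):
    """Return (email, password) for a combo-list line, or None if malformed.

    Splits on the first ':' or ';' only, so passwords containing those
    characters survive intact. Emails are lower-cased for de-duplication.
    """
    line = line.strip()
    if not line:
        return None
    positions = [i for i in (line.find(":"), line.find(";")) if i != -1]
    if not positions:
        return None
    sep = min(positions)
    email, password = line[:sep].strip().lower(), line[sep + 1:]
    if not EMAIL_RE.match(email) or not password:
        return None
    return email, password


def password_fingerprint(password):
    """SHA-256 hex digest of the password so the report never keeps plaintext."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def triage_combo(text, watched_domains):
    """Parse a combo list and summarise which monitored domains appear in it."""
    watched = {d.lower() for d in watched_domains}
    seen = set()
    per_domain = Counter()
    hits = []
    stats = {"lines": 0, "malformed": 0, "duplicates": 0, "unique": 0}
    for raw in text.splitlines():
        if not raw.strip():
            continue
        stats["lines"] += 1
        parsed = parse_combo_line(raw)
        if parsed is None:
            stats["malformed"] += 1
            continue
        email, password = parsed
        if (email, password) in seen:
            stats["duplicates"] += 1
            continue
        seen.add((email, password))
        stats["unique"] += 1
        domain = email.rsplit("@", 1)[1]
        per_domain[domain] += 1
        if domain in watched:
            hits.append({"email": email, "domain": domain,
                         "password_sha256": password_fingerprint(password)})
    return {"stats": stats, "per_domain": per_domain, "hits": hits}


if __name__ == "__main__":
    report = triage_combo(SAMPLE_COMBO, WATCHED_DOMAINS)
    print(report["stats"])
    for domain, n in report["per_domain"].most_common():
        flag = "  <-- monitored" if domain in WATCHED_DOMAINS else ""
        print(f"{n:4d}  {domain}{flag}")
    for hit in report["hits"]:
        print("ALERT", hit["email"], hit["password_sha256"][:12])
```

The per-domain counts are what turn a file labelled "Streaming, Gaming, Shopping" into an actionable signal: a bank's own domain showing up in the tally is the cue to force resets for the listed accounts, and the hashed fingerprints let the hits be compared against a later leak without the analyst ever storing the passwords themselves.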
iZOOlogic will alert the affected parties soon and share the affected data with them. We suggest that corporations practice proper password management and data hygiene to mitigate any anticipated data breach.