Dark Web Digest – April 2024 Edition

Dark Web Digest April 2024

The dark web is an online space that several individuals know about. It is frequently used for hacking, drug trafficking, and cybercrime. Events and new technologies affect the dark web and its users every month.

Some of the most important and interesting dark web news from March 2024 are summed up in this digest. If you haven’t heard these before, this digest should be on your next reading list. It includes the dark web’s negative things that affect everyone’s safety, privacy, health, and society. Additionally, these news stories will enable us to stay safe on the dark web and make us more aware of how dangerous it could be for us.

We will give you more information, ideas, and sources for each news story. You can then take the right safety steps and stay engaged with the future.

AT&T alleges that data of 73 million customers were leaked on the ‘dark web’

AT&T, the largest telecommunication network in the United States, has reported a breach involving personal information belonging to millions of past and present customers, including Social Security numbers (SSNs), passcodes, and contact details. The breach, discovered on the “dark web,” affected approximately 73 million accounts. 

The hacked data appears to be from 2019 or earlier and does not include personal financial information or phone records. AT&T planned to notify all 7.6 million existing account users whose sensitive personal information had been compromised about the breach. The company has already reset the passcodes and is investigating the situation. 


The vulnerability was originally disclosed on a hacker site over two weeks ago, and it is unknown whether the leak is related to a similar breach in 2021 that was widely reported, but AT&T did not admit it. A hacker is alleged to have gained access to the data of 70 million AT&T consumers, including their names, addresses, phone numbers, social security numbers, and dates of birth. If the company fails to notify impacted customers, it will likely face class action lawsuits. AT&T faced challenges earlier in February after an outage temporarily knocked out mobile phone service for thousands of users.

StealthMole gets $7 million for its A.I. dark web spying business.

Singapore-based Singapore-based company StealthMole has secured funding from Korea Investment Partners (KIP), a joint venture between RHL Ventures, Penjana Kapital, KB Investment, Hibiscus Fund, and Smilegate Investment. The funding will be used to support StealthMole’s expansion into new markets and the application of its technology to more commercial uses. 

The company uses 255 billion analyzed data points from the dark web, deep web, and hidden sources to trace criminals, aiding governments and law enforcement in early risk mitigation and criminal tracking. StealthMole’s founder, Louis Hur, cited a critical market gap in cybersecurity and white-hat hacking and a lack of data points and information networks, specifically within Asia. 

The company’s managing director, Kim Min-Q, emphasized the company’s agility in addressing the increasing rampantness and advancedness of cybercrimes as organizations worldwide digitize. StealthMole, co-led by Simon Choi and Hur, is a threat investigator and specialist in enterprise I.T. security. The cybersecurity sector faces a challenging market environment, with decreased valuations and increasing pressure to sell while competing for vital funding and collaborations.

Change Healthcare might have stopped a $22 million dark web ransom

A hacker has reportedly accessed the data of numerous healthcare firms partnered with Change Healthcare, posing a risk that the affiliate hacker still possesses sensitive medical information. The $22 million ransom would be a profitable score for AlphV, as it is the largest payment in the history of ransomware. 

Change Healthcare

The attack shows AlphV’s comeback after being the target of an FBI operation in December. 

The group vanished and renamed multiple times, with earlier incarnations under the names Darkside, BlackMatter, and BlackCat. The hackers working under that Darkside handle were responsible for the 2021 Colonial Pipeline ransomware attack, which triggered the shutdown of gas transportation across the Eastern Seaboard of the U.S. and resulted in a brief fuel shortage in some East Coast cities.

More than 225,000 chatGPT logins are being sold on dark web markets.

Between January and October 2023, over 225,000 logs containing compromised OpenAI ChatGPT credentials were made available for sale on underground markets, according to Group-IB. These login details were found in information stealer logs related to LummaC2, Raccoon, and RedLine stealer malware. The number of infected devices decreased slightly in mid-and late summer but grew significantly between August and September. 

Between June and October 2023, over 130,000 unique hosts with access to OpenAI ChatGPT were infiltrated, a 36% increase over the first five months of 2023. The sharp increase in ChatGPT credentials for sale is due to the overall rise in the number of hosts infected with information stealers, data from which is then put up for sale on markets or in UCLs. 

Threat actors from Russia, North Korea, Iran, and China are experimenting with artificial intelligence (AI) and large language models (LLMs) to complement their ongoing cyber attack operations. The abuse of valid account credentials by threat actors has emerged as a top access technique, primarily fueled by the easy availability of such information via stealer malware.

Dutch citizens’ sensitive documents are taken and shared on the dark web

Thousands of stolen passports and other sensitive documents have been discovered on the dark web, a hidden part of the internet, where criminals use them for identity fraud and fraud. Over 5,100 digital copies of I.D.s have been published on the dark web, and RTL Nieuws has monitored all ransomware attacks and the data stolen for a year. Other sensitive documents, such as account statements, pay slips, and divorce papers, can also be found on the dark web. 

Malicious parties can use these documents to commit identity fraud and transfer bank accounts, loans, or telephone subscriptions to the victim’s name. The majority of victims are unaware of their sensitive data and documents being on the dark web, fearing that criminals will misuse their identity. 

The Dutch Data Protection Authority is concerned about the severity of the consequences for victims, as many are unaware of the theft. Victims like Teun are shocked by the situation and wish they could have taken action.

Swedish hospital’s stolen information being sold on the dark web

A hacker group, Medusa, has listed data stolen from a Swedish hospital, Sophiahemmet, for sale on its dark web website. The group is demanding a million U.S. dollars to delete the data and has published proof of compromise. The dark web is a hidden part of the internet that requires special software, configurations, or authorizations to access. 

Sophiahemmet Hospital

The attack knocked out telephones at the hospital overnight, causing it to shut down all computers as a security measure. Region Stockholm activated stabsläge, which has the lowest level of heightened preparedness used in healthcare services. 

Many files from the attack are up for sale, although the hospital has not confirmed the amount of data affected. The attack is the latest in a series of cyber attacks targeting Swedish businesses and public authorities, although it is not known whether this attack is connected to previous incidents. Akira, a Russian hacker group, has threatened to leak data from Bjuv, a small municipality in southern Sweden, in the form of confidential documents, contracts, agreements, and personal files.

Alleged Data Breach: 15,500 Mexican Debit/Credit Cards Sold on Dark Web

A dark web actor, known as “powerup,” has sold over 15,500 debit and credit cards linked to Mexican citizens. The sale was advertised on an underground forum, with an initial bid of $47,000. The seller, known as “powerup,” assured potential buyers of a “fresh database” originating from Mexico. This is part of a global credit and debit card skimming campaign. 

Dark web marketplaces for credit and debit cards serve as conduits for the illicit trade of stolen payment information, catering to various cybercriminals. Traditionally, criminals would capture or purchase card data for personal use. 

However, the methodology has evolved, with modern methods transcending traditional physical card skimmers, including sophisticated digital attacks and large-scale cyber breaches. Mastercard’s recent report revealed a case involving the illicit card testing service Try2Check, described as the “gold standard” of unauthorized credit card verification platforms. The underground economy surrounding debit and credit card fraud still exists despite law enforcement efforts.

Massive Increase in Russian Dark Web Posts About U.S. Election Interference in 2024

The last news concerns the Surge in Russian Dark Web Posts About the U.S. Election. In the first two months of 2021, there has been a significant increase in dark web discussions about election interference, with most of these discussions referring to the U.S. presidential election and written in Russian. Analysts at NordVPN found that in 2022, there were 26 such discussions on hidden forums, but it increased to 101 last year, a nearly 400 percent increase. 

The company cautioned that the chatter did not indicate a cyberattack or foreign influence operation but suggested that artificial intelligence (A.I.) improvements could make disinformation easier to produce and more convincing.

Russian election interference has been a concern since 2016, with the Kremlin meddling in the U.S. presidential election in a systematic fashion. In 2021, a report by U.S. intelligence agencies found that Putin authorized a range of government organizations to conduct interference operations aimed at undermining Joe Biden, while Iran carried out a “multi-pronged covert influence campaign” intended to undercut Trump. Experts are most concerned about using A.I. to create fake leaks that could damage candidates.

In the past year, there has been an explosion in the sophistication and adoption of A.I. software, with models able to generate text and images, edit videos, and find patterns in large datasets. However, with every positive use of the emerging technology comes the potential for negative ones, such as deepfakes, which are used to create involuntary pornography and false political narratives.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top