The dark web remains a mysterious realm shrouded in secrecy and intrigue. It is an enigmatic corner of the internet where anonymity reigns supreme, allowing users to navigate hidden networks and engage in activities beyond the reach of conventional search engines.
In this edition of Dark Web Digest, we embark on a journey to uncover the latest insights and events unfolding during July 2023. We peel back the layers of this clandestine world to shed light on emerging trends, noteworthy incidents, and the pulse of the dark web community.
Dark Web Digest July 2023
The Dark Web Digest July 2023 Edition is a comprehensive and expertly curated guide that provides valuable insights and information about the dark web.
This edition serves as an essential resource for individuals seeking to understand the workings of the dark web, its hidden markets, and the potential security risks associated with this clandestine realm.
The Dark Web Digest July 2023 Edition goes beyond the surface-level information commonly found elsewhere. We aim to deliver personalized content that humanizes the dark web experience, enabling readers to grasp the significance and implications of the latest developments. Our conversational tone, devoid of slang or fluffy language, ensures clarity and makes the content easily accessible to readers of all backgrounds.
Let’s talk about some happenings from the dark web in 2023!
Millions of U.K. University Credentials Found on Dark Web
The dark web has once again raised concerns in the realm of cybersecurity as security researchers recently uncovered a staggering 2.2 million compromised credentials linked to the top 100 universities in the U.K. This alarming discovery poses a significant risk to the faculty, students and their valuable data.
Trillion, Crossword Cybersecurity’s risk monitoring service, was responsible for unearthing these compromised credentials. Interestingly, more than half of these compromised accounts (54%) were associated with prestigious Russell Group institutions known for their excellence in education and research.
It is worth noting that the U.K. boasted nearly 2.2 million students enrolled in higher education institutions during the 2021/22 academic year, including approximately 680,000 international students. Additionally, there were an estimated 234,000 staff members. While the scale of this breach is substantial, it remains unclear how many affected individuals are still affiliated with the universities.
The implications of this breach extend beyond the compromised accounts themselves. Crossword Cybersecurity has emphasized the potential risk to sensitive research projects. If threat actors gain access to user accounts with compromised credentials, they could jeopardize ongoing research initiatives. This is particularly concerning for universities involved in government-funded programs in critical areas such as nuclear energy and defence.
Stuart Jubb, the Managing Director of Crossword Cybersecurity, underscored the importance of safeguarding universities and their valuable reputation. He stressed that effective cybersecurity practices are essential for protecting the students and staff and the information shared with them for research purposes by both the public and private sectors. Given universities’ unique challenges, where secrecy and openness intersect, a multi-faceted approach to cybersecurity is crucial. Jubb emphasized the need for proactive monitoring of stolen credentials and implementing multi-factor authentication across all organizations, not just within the education sector.
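The proactive monitoring Jubb recommends comes down to matching records in a compromised-credential feed against the domains an institution owns, so that affected accounts can be forced through a reset and MFA enrolment. The script below is an added example written for this digest; it is not Crossword Cybersecurity’s or Trillion’s code, and the feed lines, domains and hash values in it are constructed for illustration.

```python
"""Triage a compromised-credential feed against an organisation's monitored domains.

Added example, not the digest's own code nor any vendor's. The feed format
(identifier:secret per line), the domain list and the hash strings are
constructed for illustration.
"""
import re
from collections import Counter, defaultdict

# Constructed sample of a leak feed, including the junk and mixed-case
# entries that such dumps typically contain.
SAMPLE_FEED = """\
alice.smith@cs.example-uni.ac.uk:5f4dcc3b5aa765d61d8327deb882cf99
Bob.Jones@EXAMPLE-UNI.AC.UK:e99a18c428cb38d5f260853678922e03
carol@anotheruni.ac.uk:098f6bcd4621d373cade4e832627b4f6
alice.smith@cs.example-uni.ac.uk:5f4dcc3b5aa765d61d8327deb882cf99
dave@unrelated-corp.example:d8578edf8458ce06fbc5bb76a58c5ca4
not-an-email-line
erin@lib.example-uni.ac.uk:
"""

# Constructed list of domains the institution wants alerts for.
MONITORED_DOMAINS = {"example-uni.ac.uk", "anotheruni.ac.uk"}

# identifier must look like local@domain; the secret after ':' is optional
EMAIL_RE = re.compile(r"^([^:@\s]+@[^:@\s]+)(?::(.*))?$")


def parse_feed(text):
    """Yield (email, secret) pairs; emails are lower-cased so duplicates collapse."""
    for line in text.splitlines():
        m = EMAIL_RE.match(line.strip())
        if not m:
            continue  # junk line in the dump, ignore it
        yield m.group(1).lower(), (m.group(2) or "")


def matches_monitored(domain, monitored):
    """True if domain is a monitored domain or a subdomain of one (cs.example-uni.ac.uk)."""
    return any(domain == m or domain.endswith("." + m) for m in monitored)


def triage(feed_text, monitored=MONITORED_DOMAINS):
    """Return {monitored domain: sorted list of affected emails}.

    Only monitored domains appear in the result; unrelated records in the feed
    are dropped so the report contains nothing the institution should not hold.
    """
    hits = defaultdict(set)
    for email, _secret in parse_feed(feed_text):
        domain = email.rsplit("@", 1)[1]
        for m in monitored:
            if domain == m or domain.endswith("." + m):
                hits[m].add(email)
    return {d: sorted(v) for d, v in hits.items()}


def summarise(hits):
    """Per-domain counts, the number of accounts to reset and enrol in MFA."""
    return Counter({d: len(v) for d, v in hits.items()})


if __name__ == "__main__":
    affected = triage(SAMPLE_FEED)
    for domain, count in summarise(affected).most_common():
        print(f"{domain}: {count} account(s) to reset")
```

The de-duplication and subdomain handling matter in practice: the same account often appears in several dumps, and university mail lives under departmental subdomains, so a plain equality match on the domain would undercount.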
While the primary motive behind targeting university credentials may be to gain unauthorized access to unpublished research, the potential consequences are more far-reaching. Threat actors may also aim to acquire sensitive personally identifiable information (PII) from students and staff. Furthermore, phishing attempts and identity fraud could be on the horizon.
The research report highlighted an interesting trend: the top 30 universities in the country are up to 50% more likely to have compromised credentials than other institutions within the top 100. Additionally, it revealed that universities in London had experienced more breached logins (506,330) than those in Scotland, Wales, and Northern Ireland combined (465,767).
Man Jailed For Importing Explosives after Dark Web Plot to Obtain Deadly Poisons
Jomic Calleja Maatouk, a 36-year-old resident of Żebbug, has been sentenced to five years in prison and ordered to forfeit €51,000 in bail bonds. The court described Calleja as a “lethal weapon” capable of causing “chaos and destruction.”
The judgement was delivered after Calleja faced criminal charges for conspiring to import explosives illegally from the United States. Disturbing messages retrieved by investigators revealed Calleja’s plan to purchase lethal substances from the dark web, including polonium 210, ricin, and fentanyl. When his attempt to acquire these poisons failed, he turned to explosives.
Foreign security services alerted investigators, leading them to Calleja. Chat conversations between Calleja and the seller indicated his interest in acquiring poisons for a specific target. Calleja pleaded not guilty but was ultimately found guilty of multiple charges.
The court considered the seriousness of the crimes, his criminal record, and the need to protect society. The five-year prison sentence aims to rehabilitate Calleja while ensuring public safety. His previous bail bonds were forfeited, and he was re-arrested. Inspector Omar Zammit acted as the prosecutor, while Benjamin Valenzia represented the defence.
“Triangulation Trojan” Launches Sophisticated Attack on Apple Devices
Security experts recently uncovered a highly advanced and targeted cyberattack called “Triangulation” that targets Apple’s mobile devices. This attack aims to infiltrate the iPhones of employees, particularly those in middle and top management positions within certain companies.
The attack method involves sending an invisible iMessage with a malicious attachment. By exploiting multiple vulnerabilities in the iOS operating system, the attachment can execute on the device without any action required from the user. Once installed, the spyware operates covertly, secretly transmitting sensitive data back to remote servers. This includes recordings from the device’s microphone, photos from instant messaging apps, geolocation information, and other user activity data.
Detecting and removing this spyware is a complex task due to the unique characteristics of iOS. One clear indicator of the Triangulation attack is the disabling of iOS updates on the infected device.
Creating a backup of the device and analyzing it using a specialized utility tool is recommended to confirm an infection. Kaspersky is also developing a free detection tool to aid in identifying this spyware.
Unfortunately, there is no practical method to remove Triangulation without losing user data, as the spyware blocks iOS updates.
The only viable solution is to reset the infected iPhones to factory settings and reinstall the latest version of the operating system along with all user data. This step is crucial to prevent re-infection through outdated iOS versions.
The sophisticated nature of this attack allowed it to remain undetected until anomalies within the network originating from Apple devices were identified by Kaspersky’s Unified Monitoring and Analysis Platform (KUMA), a specialized Security Information and Event Management (SIEM) solution. Further investigations revealed that the spyware had compromised several iPhones belonging to senior employees.
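The detection path described above, anomalous network activity from Apple devices rather than anything on the phones themselves, can be illustrated with fleet-wide baselining. The script below is an added example and is not Kaspersky’s KUMA logic or any real Triangulation indicator; the log format, device names, hostnames and byte counts are constructed. It flags destinations that only one iOS device in the fleet uploads to in volume, and measures whether those contacts recur on a fixed timer, which is how data exfiltration to a remote server tends to stand out from shared services such as push or mail.

```python
"""Flag mobile devices uploading to destinations no other device in the fleet contacts.

Added example, not Kaspersky's or the digest's own code. The log lines,
device names and hostnames below are constructed; none is a real indicator.
"""
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed proxy/flow log: timestamp, device, platform, destination host, bytes uploaded
SAMPLE_LOG = """\
2023-07-01T08:00:01Z iphone-ceo ios host=push.apple.example bytes_out=2048
2023-07-01T08:00:05Z iphone-cfo ios host=push.apple.example bytes_out=1900
2023-07-01T08:01:10Z iphone-ceo ios host=mail.corp.example bytes_out=51200
2023-07-01T08:02:15Z iphone-cfo ios host=mail.corp.example bytes_out=48000
2023-07-01T08:03:00Z iphone-dev1 ios host=mail.corp.example bytes_out=30000
2023-07-01T08:05:30Z iphone-ceo ios host=collector-1.invalid bytes_out=4194304
2023-07-01T09:05:31Z iphone-ceo ios host=collector-1.invalid bytes_out=4100000
2023-07-01T10:05:29Z iphone-ceo ios host=collector-1.invalid bytes_out=4300000
2023-07-01T08:06:00Z laptop-dev1 macos host=git.corp.example bytes_out=12000
"""


def parse_log(text):
    """Parse the constructed log format into dicts, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, device, platform, host_kv, bytes_kv = parts
        if not (host_kv.startswith("host=") and bytes_kv.startswith("bytes_out=")):
            continue
        records.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "device": device,
            "platform": platform,
            "host": host_kv[len("host="):],
            "bytes_out": int(bytes_kv[len("bytes_out="):]),
        })
    return records


def rare_destinations(records, platform="ios", min_fleet=3, min_bytes=1_000_000):
    """Hosts reached by exactly one device of the platform, with large upload volume.

    Legitimate services (push, mail) are shared across many devices; a server
    that receives megabytes from a single phone and nothing from the rest of
    the fleet is worth an analyst's attention.
    """
    fleet_records = [r for r in records if r["platform"] == platform]
    fleet = {r["device"] for r in fleet_records}
    if len(fleet) < min_fleet:
        return []  # too few devices for "rare" to mean anything
    devices_by_host = defaultdict(set)
    bytes_by_host = defaultdict(int)
    for r in fleet_records:
        devices_by_host[r["host"]].add(r["device"])
        bytes_by_host[r["host"]] += r["bytes_out"]
    alerts = [
        {"device": next(iter(devs)), "host": host, "bytes_out": bytes_by_host[host]}
        for host, devs in devices_by_host.items()
        if len(devs) == 1 and bytes_by_host[host] >= min_bytes
    ]
    return sorted(alerts, key=lambda a: -a["bytes_out"])


def beacon_regularity(records, device, host):
    """Coefficient of variation of the gaps between a device's contacts with a host.

    Values near zero mean the contacts fire on a timer, which is typical of an
    implant checking in; returns None with fewer than three contacts.
    """
    times = sorted(r["ts"] for r in records if r["device"] == device and r["host"] == host)
    if len(times) < 3:
        return None
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    mean = statistics.mean(gaps)
    return statistics.pstdev(gaps) / mean if mean else None


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for alert in rare_destinations(recs):
        cv = beacon_regularity(recs, alert["device"], alert["host"])
        print(f"{alert['device']} -> {alert['host']}: {alert['bytes_out']} bytes, "
              f"interval regularity {cv:.4f}" if cv is not None else
              f"{alert['device']} -> {alert['host']}: {alert['bytes_out']} bytes")
```

The fleet-size floor and byte threshold are the knobs an analyst tunes: with only one or two managed phones every destination is "rare", and without a volume floor a single one-off request to a new CDN node would page someone for nothing.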
Kaspersky continues investigating this incident and plans to provide additional information in a dedicated post on Securelist. They expect to uncover more details about the widespread impact of this spyware in the coming days.
It is important to note that while Kaspersky was targeted in this attack, they were not the primary objective. They assure users that this incident leaves their business processes and data unaffected.
‘Sensitive’ Australian Government Documents Leaked on the Dark Web
In another incident, a cyberattack on the law firm HWL Ebsworth has impacted at least 60 government agencies, including the Defence Department and Home Affairs. The agency responsible for the national disability insurance scheme is also assessing the potential exposure of sensitive client information.
The affected entities are notifying individuals and fulfilling their obligations under the Privacy Act 1988. The cybercriminal group Blackcat, one of Australia’s top three ransomware groups, has consistently targeted large organizations.
Clop Hackers Begin Posting Company Names on Dark Web
Clop, a cybercrime gang believed to be based in Russia, has recently escalated its activities on the dark web. They have posted company profiles of multiple businesses from which they claim to have stolen data.
This move comes after Clop issued a warning, threatening to release staff members’ sensitive information and personal details if negotiations were not initiated. British Airways, Boots, and the BBC were among the companies affected, as their payroll provider, Zellis, experienced a breach.
The situation has intensified further, with over 26 organizations, including universities and banks, having their company profiles published on Clop’s leak site. This tactic aims to increase the pressure on companies to pay ransoms.
Clop managed to infiltrate MOVEit, widely used business software, allowing them to target numerous companies and institutions worldwide.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) confirmed that only data stored on MOVEit had been stolen and that there were no ongoing incursions into other parts of the national network. However, it was reported that a contractor at a U.S. national laboratory and a radioactive waste storage site under the management of the U.S. Department of Energy (DoE) were among the victims.
The list of potential victims continues to grow. Shell, the government of Nova Scotia, U.K. regulator Ofcom, the Minnesota Department of Education, and Landal GreenParks, a Dutch campsite and recreation company, are now added to the roster. In the U.K., Adare SEC, a communications firm that handles digital and printed communications for various businesses, confirmed that it was impacted by the MOVEit hack and that data had been stolen.
The situation serves as a reminder of the increasing threats posed by cybercriminals on the dark web and highlights the critical need for organizations to bolster their cybersecurity defences.
Man Charged with Running $18 Million ‘Monopoly’ Darknet Marketplace
The extradition of the suspected administrator of the Monopoly Market darknet marketplace has been completed, marking a significant development in the ongoing battle against illegal activities on the dark web. Milomir Desnica, a citizen of Serbia and Croatia, was extradited from Austria to the United States to face charges related to running the illicit marketplace. This comes after his arrest in Vienna last November and the seizure of Monopoly Market’s servers in December 2021.
The U.S. Department of Justice (DOJ) has accused Desnica of facilitating around $18 million in illegal drug transactions using cryptocurrencies through the Monopoly Market platform. The marketplace operated on the dark web, offering a platform for the trade of illicit substances. The charges against Desnica include conspiracy to possess and distribute methamphetamine and conspiracy to launder monetary instruments. The indictment seeks the confiscation of any criminal proceeds.
The extradition of Desnica follows an extensive international operation conducted by Europol in collaboration with law enforcement agencies from various countries. This operation resulted in the arrest of 288 individuals and the seizure of significant amounts of cash, crypto assets, drugs, and weapons, amounting to over $53 million.
During the investigation, authorities discovered incriminating evidence on the Monopoly servers, including records of narcotics sales, financial transactions involving cryptocurrencies, and communications with vendors. This evidence played a crucial role in identifying Desnica as the operator of the darknet marketplace.
The DOJ has revealed that Desnica allegedly utilized multiple cryptocurrency exchanges between April 2020 and July 2022 to convert the proceeds from the drug sales. By moving the digital assets between blockchains and eventually selling them to peer-to-peer traders in Serbia in exchange for fiat currency, Desnica is accused of attempting to launder the illicit funds.
If convicted, Desnica faces severe penalties. The drug distribution charge carries a maximum sentence of life imprisonment, while the conspiracy to commit a money laundering charge can result in a maximum term of 20 years behind bars. Additionally, the charges may also lead to substantial financial penalties.
The takedown of Monopoly Market and other darknet marketplaces has been a significant focus for law enforcement agencies worldwide. Just a few months before Desnica’s extradition, German authorities shut down Hydra, one of the largest darknet markets at the time, primarily catering to Russian-speaking users. These operations demonstrate the commitment of international law enforcement to combat illegal activities on the dark web and protect public safety.
The case against Milomir Desnica serves as a reminder that illegal marketplaces on the dark web are not beyond the reach of law enforcement. It also emphasizes the increasing sophistication of investigations targeting individuals involved in such criminal enterprises. As efforts to dismantle these illicit platforms continue, the fight against cybercrime and illegal activities on the dark web remains a top priority for security experts and law enforcement agencies worldwide.
The Dark Web Digest July 2023 Edition has provided a comprehensive overview of the latest happenings in the dark web, shedding light on the activities and risks associated with this hidden realm. From a security expert’s perspective, it is evident that the dark web is a hotbed for illicit activities, from the trade of illegal substances to cybercrime and data breaches.
Throughout this edition, we have explored various incidents highlighting the dangers and consequences of engaging with the dark web.
As the dark web continues to evolve, law enforcement agencies and security experts remain vigilant in their efforts to disrupt and dismantle illegal activities. Collaboration, international cooperation, and advanced technologies are vital in addressing these challenges.
In conclusion, the Dark Web Digest July 2023 Edition has provided valuable insights into the dark web’s underbelly. Individuals, organizations, and policymakers need to stay informed about the latest developments and adopt proactive measures to protect themselves from the threats lurking within the depths of the internet. By arming ourselves with knowledge and maintaining a solid security posture, we can confidently navigate the digital landscape and contribute to a safer and more secure online environment.