Dark Peep #17: Dark Web Manifesto, Hacker Forums, and Ransomware Misadventures

socradar.io · SOCRadar · 1 year ago · news
Dec 17, 2024 · 10 Mins Read

If the events from the dark web in this series were a script, it would be the kind of thriller where everyone fumbles their part. From ransomware gangs accidentally losing their own ransom records to threat actors leaking millions of records, it’s a chaotic mix of ambition and irony.

Take DonutLeaks, for example—the ransomware group that somehow destroyed its own chat database and is now awkwardly asking victims to reconnect through a contact form. Imagine a cyber heist movie where the mastermind forgets their own getaway plan. That’s DonutLeaks: high-tech extortion with a touch of slapstick.

Image: Threat actors clashing in a cage with bats, under SOCRadar’s control and oversight. (Image created by DALL-E)

Meanwhile, Nam3L3ss is busy posting sensitive data on dark web forums, leaking millions of records while claiming to expose systemic flaws in cloud security. Their dramatic manifesto might belong in a dystopian anime… Once data starts circulating on the dark web, it never really disappears—it just becomes fuel for phishing attacks and fraud.

And then there’s Qilin Ransomware, who mixed up their victims so badly that payroll data for dentists somehow ended up attributed to a highway department. It’s like watching a villain in a crime drama press the wrong button and accidentally blow up their own hideout.

From espionage experts like Turla, who infiltrate rival hacker infrastructure, to honeypots like Jinn Ransomware Builder, which tricked over 100 would-be hackers into exposing themselves, this week’s cyber stories are proof that the dark web isn’t just dangerous—it’s unpredictable, ironic, and occasionally, downright absurd.

Bridges, Potholes, and… Root Canals?

Qilin Ransomware strikes again—this time proving that even cybercriminals can mess up their paperwork. They proudly posted their latest haul, only to mix up their victims. Unless the Whitestone, New York Highway Department has suddenly diversified into dental care, those payroll records for a dental director, two dentists, and five hygienists are just a bit out of place.

Image: List of dental job titles and totals (Source: Dominic Alvieri)

Moral of the story? When even ransomware gangs can’t keep their stolen data straight, trusting them is like trusting your dentist to fix a pothole.

Turla Hijacks Hackers to Hide Its Tracks

The Russian cyber-espionage group Turla pulled off another stealthy move, hijacking Storm-0156’s infrastructure to hit Afghan and Indian government targets. Instead of breaching fresh systems, Turla piggybacked on networks Storm-0156 had already compromised, deploying their signature malware tools like TinyTurla and TwoDash.

Image: Turla’s activities observed within Storm-0156’s infrastructure (Source: Lumen)

Turla didn’t stop at stealing access—they looted Storm-0156’s workstations, swiping malware tools like CrimsonRAT and stolen credentials. Turns out, even hackers need better cybersecurity.

WannaCry Returns?

The Indonesian group INDOHAXSEC TEAM claims to have developed a web-based version of WannaCry, but whether they truly have the technical chops to pull it off remains uncertain. Creating ransomware of this scale requires significant expertise, and groups often exaggerate their capabilities for attention. While their claims of encrypting websites and demanding Bitcoin are bold, it’s worth waiting for verified evidence before raising alarms.

Image: A ransomware message on a red screen labeled “WannaCry,” demanding 0.2 BTC to unlock encrypted files

Hackers Tried to Hack, Ended Up Hacked

Jinn Ransomware Builder appeared on BreachForums as a customizable ransomware creation tool, promising C2 callbacks, AES encryption, and multi-language support. In reality, it was a honeypot crafted by security researcher Cristian Cornea to trap curious hackers and script kiddies. Over 100 victims fell for the bait.

Image: Jinn Ransomware builder honeypot

The builder disguised its true purpose by backdooring the system. A hardcoded “CmD.eXE” executable connected to a remote server while pretending to run encryption tasks. The multi-language feature? Just a prompt. AES encryption? Purely cosmetic, designed to hide the malicious code in plain sight. The zero detections on VirusTotal gave it credibility, but that’s the catch—low detection doesn’t mean safe. Hackers running the payload unwittingly opened their systems to a reverse compromise.

Moral of the story? Hackers got hacked. Script kiddies got schooled. All thanks to a well-played honeypot—creativity meets irony in the best way.

When Hacktivists Turn on Each Other

In November, hacktivist group RipperSec pointed fingers at Azzasec for shutting down several Telegram accounts belonging to rival hacktivists. The twist? Azzasec’s former owner reportedly offers a Telegram takedown service for $300.

Image: RipperSec’s announcement (Source: CyberKnow)

Claiming roots in Italy, Azzasec once worked alongside pro-Russian groups and even claimed to have a ransomware variant. Targeting Telegram accounts isn’t groundbreaking—mass reporting has been a favorite tactic—but turning it into a paid service adds a new layer of chaos to the hacktivist world. Turns out, if you can’t beat them, you can always buy their page’s demise.

RansomHub Says Data Will Be Used for Criminal Purposes

Image: RansomHub’s statement (Source: Dominic Alvieri)

Well, of course it will. It’s not like they’re planning a charity fundraiser or a bake sale with your stolen data.

Once a Leak Begins, It Never Truly Ends

The infamous MOVEit vulnerability (CVE-2023-34362) has resurfaced, this time linked to a new threat actor named Nam3L3ss, who claims no affiliation with ransomware groups like Cl0p but continues to release sensitive data on BreachForums. High-profile victims, including Amazon, HSBC, McDonald’s, and U.S. Bank, have had internal employee directories leaked, exposing names, contact details, and organizational hierarchies.

Image: The threat actor’s posts, allegedly featuring the latest MOVEit-related databases

Nam3L3ss, calling themselves a “watcher” rather than a hacker, insists their actions highlight systemic security negligence—specifically misconfigured cloud services and unprotected databases. Yet, their leaks, now millions of records deep, are a roadmap for phishing attacks, impersonation schemes, and fraud.

Image: A manifesto posted by the threat actor alongside the MOVEit data leak posts

Their message may come wrapped in self-righteousness, but once the floodgates of stolen data open, there’s no closing them. A breach, once begun, doesn’t simply end. Data lives on, passed around like digital contraband, resurfacing years later in new forms of exploitation. Nam3L3ss allegedly reviving Avaddon’s 2020 data linked to American Bank Systems is proof—breaches don’t die; they just evolve, becoming new risks for old mistakes.

So, while Nam3L3ss claims to be the messenger, their chilling edge remains: “If you can’t protect it, I’ll show the world just how broken it is.” The leaks may start with exposure, but the consequences ripple endlessly.

DonutLeaks: When Hackers Lose Their Own Data

The DonutLeaks ransomware group has found themselves in an ironic twist—they claim to have accidentally destroyed their internal chat database. Now, they’re requesting victims to reconnect through a contact form, promising updates on leaked files soon.

Image: DonutLeaks’ statement (Source: X)

It’s a rare moment when the hackers become victims of their own disorganization, proving that even cybercriminals can fumble their operations in unexpected ways.

Laughs Aside, the Stakes Are Real

This edition of Dark Peep proves once again that the dark web and hacker forums are a hotbed of not only danger but also irony and missteps. From ransomware gangs losing their own chat databases to self-styled watchers exposing millions of sensitive records, the cyber underworld is as unpredictable as ever.

While some stories may seem comedic, the reality is far from it. Sensitive employee directories, internal databases, and even healthcare records leaking onto the dark web carry serious implications, from targeted phishing campaigns to large-scale fraud. Organizations must recognize the risks these leaks pose to their operations, reputation, and stakeholders.

This is where SOCRadar comes in. With advanced Dark Web Monitoring capabilities, SOCRadar empowers organizations to stay one step ahead of emerging threats by:

- Providing real-time alerts when their assets are mentioned on the dark web.
- Identifying and tracking compromised credentials, helping mitigate risks before further breaches occur.
- Offering tools like Integrated Takedown to neutralize fake domains and phishing campaigns targeting their brand.

Image: Keep track of black market leaks, botnet activity, PII breaches, and more using SOCRadar’s Dark Web Monitoring

Image: The Domain Takedown Service within SOCRadar’s Brand Protection module

In today’s landscape, where every leak could ripple into long-term consequences, SOCRadar’s solutions provide the edge organizations need to protect their assets and reputation. The dark web may be chaotic, but with the right tools, you can navigate it confidently.