October was packed with action on the dark web. Here’s what went down this month.
BlackSuit Ransomware Gets Shut Down
Police took down BlackSuit ransomware‘s dark web sites this month. These guys had been attacking companies for years, locking up their files and asking for money to unlock them. Taking down their websites is a big deal because that’s where they posted stolen data and threatened victims.
Finnish Police Close Drug Marketplace
Finnish Customs shut down a dark web marketplace called Sipulitie. They grabbed the servers and took down the site where people were buying and selling illegal drugs. It was one of those anonymous marketplaces where dealers thought they were safe.
Marketplace Admin Gets Arrested
Police arrested one of the guys running Bohemia/Cannabia, a dark web market. This site sold drugs and also offered DDoS attacks for hire. Getting the people who run these sites is important because they’re the ones keeping everything going.
Ransomware Group Now Offers Lawyers
This is wild. The Qilin ransomware group started offering legal advice to the criminals who work with them. They call it “Call Law” and it’s meant to help put more pressure on victims to pay up. These criminals are acting more like a real company every day, which is pretty messed up.
Dublin Airport Gets Hit
The Everest ransomware group says they broke into Dublin Airport’s systems. That’s Ireland’s biggest airport.
Attacking airports is serious because millions of people use them. It shows these groups don’t care about how many regular people they hurt.
French Parliament Reportedly Breached
Someone claimed they hacked into the Assemblée Nationale, which is part of France’s government. Going after government buildings is a bold move, and it shows hackers are targeting bigger and riskier places.
South Korean Companies Under Attack
South Korea had a bad month. Three different ransomware groups hit Korean companies. RansomHouse went after a food company. Qilin attacked a media company. And Coinbase Cartel says they leaked all the source code from a big telecom company. That’s a lot of damage in one country in just a few weeks.
Brokers Selling Access to Company Networks
There’s a whole business of people breaking into companies just to sell that access to ransomware gangs. They’re called Initial Access Brokers. They buy stolen passwords cheap from places like Russian Marketplace, use them to get into company systems, then sell that access on dark web forums. It’s like a factory line for hacking.
Ransomware Gang Gets Hacked
The Everest ransomware group’s website got hacked and went down. Yep, the hackers got hacked. Someone attacked their dark web site over the weekend and took it offline. Even criminals aren’t safe from other criminals.
Big Marketplaces Still Running
Even with all the police raids, the big dark web markets are still going. Places like Abacus Market, STYX, Brian’s Club, and Russian Market keep selling stolen credit cards, hacking tools, and ransomware kits. They keep upgrading their defenses to stay one step ahead of law enforcement.
British Spies Launch Dark Web Site
MI6, the British spy agency, made their own dark web site called Silent Courier. It’s a way for people in Russia and other countries to secretly contact them and share information. They’re using the same anonymity that criminals use, but for spy recruitment. Smart move.
Russians Making Millions from Ransomware
Russian-speaking hackers made over $500 million from ransomware in the past year. That’s 69% of all the crypto money tied to ransomware attacks. Most of the big ransomware operations are run by Russian groups or use Russian forums.
Guy Gets Prison Time for Selling Logins
A 27-year-old Russian guy got sentenced to 40 months in jail for selling stolen login information. He was part of Slilpp, which was the biggest site for buying and selling hacked accounts until police shut it down in 2021. Even years later, they’re still catching people who ran that site.
183 Million Gmail Credentials Leaked
A huge database containing 183 million email accounts and passwords showed up online this month. About 16.4 million of these were Gmail addresses that hadn’t been seen in previous breaches. The data came from infostealer malware like RedLine and Vidar that infected people’s computers over the past year and stole their login information.
Here’s the thing: Google’s servers weren’t hacked. Instead, criminals used malware to grab passwords directly from infected computers when people logged into Gmail. These stolen credentials ended up in a 3.5 terabyte database that’s now being traded on dark web forums.
The scary part is that many people use their Gmail password for other accounts too. So one stolen Gmail login could give hackers access to your bank, shopping sites, and work accounts. Security researcher Troy Hunt added all these credentials to Have I Been Pwned so people can check if their email was part of the leak.
If you use Gmail, go to haveibeenpwned.com and check your email. If it shows up, change your password right away and turn on two-factor authentication. And stop using the same password everywhere.
Your Personal Info Is Dirt Cheap
Stolen credit card numbers, social security numbers, and personal data are selling for almost nothing on the dark web. For just a few bucks, criminals can buy everything they need to steal someone’s identity. That’s why fraud is such a huge problem right now.
