
Cyberint

The Potential Surfacing of Cardpool's Gift Cards

Cyberint discovered in the ‘wild’ a file named ‘cardpool leak’ that could possibly be associated with the ‘Cardpool’ gift card breach. It was collected by our platform, Argos. ‘Cardpool’ was an online business where customers exchanged or sold their unwanted or partially used gift cards. It was shut down in early 2021, but it’s been discovered that in late April 2021, a Russian Threat Actor allegedly sold $38 million worth of gift cards there.

Compromised Credentials: Tactics, Risks, Mitigation

The theft of users’ credentials is a growing industry. The market for compromised credentials is vast and has huge potential due to: These factors have created a lucrative market for cybercriminals who are able to steal credentials and sell them on the black market. The stolen credentials can then be used to access personal and financial information, commit identity theft, or launch other cyberattacks.

RaidForums New Leak

As the new underground forum, ExposedVC, tries to establish credibility among threat actors and the cybersecurity community in general, its admins are working hard to release valuable leaks to attract more people. A few hours ago, the admins leaked what they claim to be the entire DB of RaidForums, which was taken down in 2022 by the FBI, along with the arrest of its admin Omnipotent.

Malvertising: How Phishing Campaigns Use Malicious Ads

During 2022 and the first quarter of 2023, Cyberint noticed an increasing trend of Threat Actors engaging in malvertising, that is, abusing ad space to distribute their phishing and malware campaigns. Malvertising increases their reach and pool of potential victims because advertisements are prioritized in search engine results. This trend is a lesser-known risk among the general public, and therefore poses a higher threat.

June Update: The Escalation of the PaperCut Vulnerability Campaign

Over the past two months, the Cyberint research team has witnessed an extensive campaign in which threat actors are actively exploiting the recently discovered vulnerability in the PaperCut print management platform. The Cyberint research team has identified a significant trend in relation to these recent attacks and associated incidents linked to this vulnerability.

The New DarkWeb Forum: ExposedVC Forums

Ever since Pompompurin’s arrest and the shutdown of BreachedForums, threat actors, especially the data leakage groups, have been looking for a new home to migrate to and continue their cybercrime activities. Although Telegram has become one of the most popular platforms for the cybersecurity community, data leakage groups and other cybercrime sellers still need an underground forum to advertise their services and findings.

The Rise of the Chinese Dark Web: Deepmix to Chang'an

In 2022 and 2023, Western government agencies managed to take down multiple prominent dark web forums, such as RaidForums in April 2022, BreachedForums in March 2023, and Genesis Marketplace in April 2023. This might make threat actors in the West feel less confident in initiating activities on such monitored platforms and could shift their focus to Chinese-speaking forums.