
The Most Notorious Hacker Attacks on the Dark Web


By Harper Stewart

Sep 4, 2023

Cyberattacks have increased sharply over the past several years, and security professionals are in a constant race with attackers who keep developing new techniques. This article looks at some of the most damaging cyberattacks on record, incidents that affected millions of people and caused significant financial losses.

Cl0p Ransomware Attacks (2019 – 2023)

A message from the Cl0p ransomware group to its victims.

Cl0p is a file-encrypting ransomware strain from the CryptoMix family. The group behind it distributes the malware and runs a dark web leak site where it regularly publishes information about its victims. The gang has profited heavily from flaws in managed file-transfer products: in 2023 it exploited a pre-authentication vulnerability in Fortra's GoAnywhere MFT (CVE-2023-0669) and then an SQL injection vulnerability in Progress MOVEit Transfer (CVE-2023-34362) to steal data from hundreds of organizations. The MOVEit campaign in particular produced a long list of high-profile victims around the world.

In the U.K., the BBC, British Airways (where the breach affected all staff paid through its U.K. payroll), Aer Lingus, the pharmacy chain Boots and the communications regulator Ofcom were all affected, several of them indirectly through the payroll provider Zellis, which ran the vulnerable MOVEit instance. The list of victims is longer still: a U.S.-based fintech service provider, Shell, the University System of Georgia (USG) and the government of Nova Scotia were also caught in Cl0p's net.

Shein Compromise (2018)

Shein's FAQ about the data breach.

In October 2022, the New York Attorney General fined Zoetop Business Company, the parent company of the fast-fashion brands SHEIN and ROMWE, US$1.9 million for failing to properly handle and disclose a data breach that affected 39 million consumers. The incident dates back to July 2018, when a malicious third party gained unauthorized access to SHEIN's payment systems.

The breach was not detected internally and was not disclosed promptly; it took time before its full scope was understood. According to the New York Attorney General's office, it was SHEIN's payment processor that eventually contacted the company with the key information: a major credit card network and a card-issuing bank had both approached the processor with evidence that Zoetop's systems had been compromised and card data stolen.

The seriousness of the breach became clear when the card network found that SHEIN customers' payment data was being openly traded on a hacker forum. That discovery both revealed the true scale of the compromise and raised the question of how the stolen card data was already being abused.

Microsoft Data Breaches (2021-2023)

Lapsus$ screenshot showing the breach on Microsoft.

Microsoft is a perennial target for the most capable attackers, and compromised Microsoft accounts are easy to find for sale on the dark web. The company is also said to have used roughly 360 million leaked credentials collected from the dark web to check them against its own users' accounts.

In March 2022 the Lapsus$ extortion group leaked 37GB of source code taken from Microsoft's Azure DevOps server. The dump contained code for several internal Microsoft projects, including Bing, Cortana and Bing Maps. Microsoft confirmed that a single account had been compromised and stated that no customer code or data was involved.

Leaked source code projects.

In early 2021, a sophisticated campaign exploited zero-day vulnerabilities in on-premises Microsoft Exchange Server, the email and collaboration platform used by many enterprises; the exploit chain became known as ProxyLogon (CVE-2021-26855 and related flaws). Microsoft attributed the attacks to HAFNIUM, a China-based state-sponsored group.

In 2023 APT29, the Russian group linked to Russia's Foreign Intelligence Service (SVR) and tracked by Microsoft as Midnight Blizzard, targeted Microsoft 365 users. The attackers used previously compromised Microsoft 365 tenants to create new subdomains with a technical-support theme under 'onmicrosoft.com', the legitimate Microsoft domain that every Microsoft 365 tenant receives automatically and falls back on when no custom domain is configured.

APT29 phishing message pretending to be from Microsoft.

From these domains they sent tech-support lures, delivered as Microsoft Teams chat messages, to trick users at the targeted organizations into approving multi-factor authentication (MFA) prompts. Because the messages came from a genuine onmicrosoft.com domain, the fake Microsoft support communications looked credible. According to Microsoft's advisory, the attackers' ultimate goal was to steal the targeted users' credentials and take over their accounts.
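As an added example (not code from the original article or from Microsoft), the following Python sketch shows how a mail or Teams message feed could be screened for the pattern described above: an external onmicrosoft.com tenant with a support or security theme asking the recipient to act on an MFA prompt. The trusted-tenant list, the keyword list and the sample messages are all assumptions constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Tenants this organisation owns or trusts. In a real deployment this set
# would come from the tenant inventory; the entry here is an assumption.
TRUSTED_TENANTS = {"contoso.onmicrosoft.com"}

# Matches the fallback domain every Microsoft 365 tenant receives.
ONMICROSOFT = re.compile(r"^(?P<tenant>[a-z0-9-]+)\.onmicrosoft\.com$")

# Tech-support / security words typical of the lures. The list is an
# assumption chosen for this example, not a published indicator set.
SUPPORT_THEME = re.compile(
    r"(help ?desk|support|security|identity|protection|verification|authenticator|mfa)",
    re.IGNORECASE,
)

# A request to approve or type an MFA code/prompt, the action the lure wants.
MFA_ASK = re.compile(
    r"\b(approve|accept|enter|confirm)\b.{0,80}?\b(code|prompt|request|notification)\b",
    re.IGNORECASE | re.DOTALL,
)


@dataclass
class Message:
    sender: str        # address of the external sender
    display_name: str  # name shown to the recipient
    body: str          # message text


def classify(msg: Message) -> List[str]:
    """Return the reasons a message looks like an onmicrosoft.com tech-support lure.

    An empty list means the message is not flagged.
    """
    reasons: List[str] = []
    domain = msg.sender.rsplit("@", 1)[-1].lower()
    match = ONMICROSOFT.match(domain)
    if not match:
        return reasons            # not sent from a tenant fallback domain at all
    if domain in TRUSTED_TENANTS:
        return reasons            # one of our own tenants
    reasons.append(f"external onmicrosoft.com tenant: {domain}")
    if SUPPORT_THEME.search(match.group("tenant")):
        reasons.append("support/security theme in tenant name")
    if SUPPORT_THEME.search(msg.display_name):
        reasons.append("support/security theme in display name")
    if MFA_ASK.search(msg.body):
        reasons.append("asks the recipient to approve or enter an MFA code or prompt")
    return reasons


def triage(messages: List[Message]) -> List[Tuple[str, List[str]]]:
    """Run classify over a batch and keep only the flagged messages."""
    flagged = []
    for msg in messages:
        reasons = classify(msg)
        if reasons:
            flagged.append((msg.sender, reasons))
    return flagged


# Constructed sample traffic for this example; none of it is real.
SAMPLE_MESSAGES = [
    Message("alerts@msftsecuritydesk.onmicrosoft.com",
            "Microsoft Identity Protection",
            "We detected unusual sign-in activity on your account. Open the "
            "Microsoft Authenticator app and enter the code shown below to keep access."),
    Message("it@contoso.onmicrosoft.com", "Contoso IT",
            "Reminder: the monthly patch reboot happens tonight at 22:00."),
    Message("billing@fabrikam.com", "Fabrikam Billing",
            "Your invoice for May is attached. Please approve the payment request."),
]

if __name__ == "__main__":
    for sender, reasons in triage(SAMPLE_MESSAGES):
        print(sender)
        for reason in reasons:
            print("  -", reason)
```

The MFA-ask check on its own would flag ordinary business messages (the constructed invoice asking someone to "approve the payment request" matches it), which is why it only runs once the sender has already been identified as an unknown onmicrosoft.com tenant. In practice the allowlist should come from the organization's own tenant inventory, and hits should feed a review queue rather than an automatic block.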

Indonesian Immigration Directorate General (2023)

Breach Forum post by Bjorka.

In July 2023, the personal information of more than 34 million Indonesians was exposed when a hacker gained unauthorized access to the Directorate General of Immigration at the Ministry of Law and Human Rights. The incident was reported by Teguh Aprianto, a cybersecurity researcher and the founder of Ethical Hacker Indonesia, who attributed the attack to the hacker known as Bjorka, often described as a hacktivist. Whether this attack qualifies as hacktivism, however, depends on its character.

Hacktivism usually involves unauthorized intrusion into a system in pursuit of a political or social goal, with the aim of disrupting or embarrassing an organization while keeping harm to its users to a minimum. The alleged hacktivist in this case, by contrast, exfiltrated a large volume of personal data and put it up for sale on the dark web for US$10,000.

The exposed data is highly sensitive: full names, gender, passport numbers, dates of issue and expiry, and dates of birth of Indonesian citizens. Given the volume of stolen records, the risk of identity theft and other abuse for those affected is considerable.

LinkedIn API Breach (2021)

Breach forum post offering 700M LinkedIn records.

One of the largest data exposures to date was the LinkedIn API scraping incident of 2021. Personal information belonging to roughly 700 million LinkedIn users, about 92% of the platform's user base at the time, was scraped and put up for sale on a hacker forum. The root cause was a publicly reachable API that lacked adequate authentication and anti-abuse controls.

By abusing that API, the attackers were able to pull a very large volume of profile data without meeting any real obstacle. LinkedIn stated that the data set consisted of publicly visible profile information scraped from its site and aggregated with data from other sources, rather than a breach of its internal systems, but the consequences for users are much the same given the kind of data involved. LinkedIn members fill their profiles with both personal and professional details, which makes the data highly valuable to attackers.
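To make the root-cause point concrete, here is an added example in Python (not LinkedIn's code, and not part of the original article) that contrasts a profile endpoint anyone can enumerate with the same endpoint placed behind a per-client API key and a token-bucket rate limit. The profile store, the key names and the limits are constructed for illustration.

```python
import time
from typing import Callable, Dict, Iterable, Optional, Tuple

# Constructed profile store standing in for the records the scraped
# endpoint served. Sequential ids make enumeration trivial.
PROFILES: Dict[int, dict] = {
    i: {"id": i, "name": f"member{i}", "headline": "Engineer"} for i in range(1, 501)
}


def unprotected_profile(profile_id: int) -> Tuple[int, Optional[dict]]:
    """The weak design: no caller identity, no throttle, walk every id freely."""
    record = PROFILES.get(profile_id)
    return (200, record) if record else (404, None)


class TokenBucket:
    """Classic token bucket: a burst of `capacity`, refilled at `refill_per_sec`."""

    def __init__(self, capacity: int, refill_per_sec: float, now: float):
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.tokens = float(capacity)
        self.last = now

    def allow(self, now: float) -> bool:
        elapsed = now - self.last
        self.tokens = min(self.capacity, self.tokens + elapsed * self.refill_per_sec)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class ProtectedApi:
    """Hardened form: every call carries an API key and each key has its own bucket."""

    def __init__(self, api_keys: Iterable[str], capacity: int = 100, refill_per_sec: float = 1.0):
        self.api_keys = set(api_keys)
        self.capacity = capacity
        self.refill_per_sec = refill_per_sec
        self.buckets: Dict[str, TokenBucket] = {}

    def profile(self, api_key: str, profile_id: int,
                now: Optional[float] = None) -> Tuple[int, Optional[dict]]:
        now = time.monotonic() if now is None else now
        if api_key not in self.api_keys:
            return 401, None                    # unauthenticated: refuse outright
        bucket = self.buckets.get(api_key)
        if bucket is None:
            bucket = self.buckets[api_key] = TokenBucket(self.capacity, self.refill_per_sec, now)
        if not bucket.allow(now):
            return 429, None                    # over quota: tell the caller to back off
        record = PROFILES.get(profile_id)
        return (200, record) if record else (404, None)


def scrape(fetch: Callable[[int], Tuple[int, Optional[dict]]], ids: Iterable[int]) -> Dict[int, int]:
    """Simulate a scraper walking ids; returns a histogram of HTTP status codes."""
    statuses: Dict[int, int] = {}
    for pid in ids:
        status, _ = fetch(pid)
        statuses[status] = statuses.get(status, 0) + 1
    return statuses


if __name__ == "__main__":
    ids = range(1, 1001)
    print("unprotected:", scrape(unprotected_profile, ids))
    api = ProtectedApi(api_keys={"key-for-partner-A"}, capacity=100, refill_per_sec=0.5)
    t0 = 1000.0   # frozen clock: the whole burst arrives at one instant
    print("no key:   ", scrape(lambda pid: api.profile("", pid, now=t0), ids))
    print("valid key:", scrape(lambda pid: api.profile("key-for-partner-A", pid, now=t0), ids))
```

A frozen clock is passed in so the run is deterministic: with a 100-token bucket refilling at half a token per second, an unauthenticated scraper gets nothing, while a legitimate key gets its burst and is then answered with 429 until tokens accrue. Per-key throttling alone does not stop a determined scraper who rotates keys or IP addresses, so it belongs alongside authentication, behavioural detection and limits on how much of a record the API returns to any one caller.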

After the incident, LinkedIn users were warned about the risks they now faced. Identity theft, targeted phishing and impersonation are the main concerns, since the exposed data can be used to craft convincing spear-phishing campaigns or to impersonate individuals for malicious purposes.

Users were urged to be cautious and to adopt additional safeguards: use strong, unique passwords, enable two-factor authentication (2FA), treat unsolicited emails and messages with suspicion, and check their accounts regularly for unusual activity.

The Yahoo Data Breach (2013-2016)

The number of compromised records, according to Statista.

In December 2016, Yahoo disclosed a second incident, dating from August 2013, that compromised more than 1 billion accounts (a figure the company revised to all 3 billion accounts in October 2017). This dealt another devastating blow to a company already grappling with its September 2016 disclosure that 500 million accounts had been stolen in late 2014. Together these two attacks were the largest security lapses ever documented for a single business.

The 2013 breach exposed names, phone numbers, dates of birth, hashed passwords (most of them, by Yahoo's own account, hashed with MD5) and, in some cases, security questions and answers stored without encryption, which could be used to reset passwords. This time, unlike in September, Yahoo required all affected users to change their passwords and invalidated the unencrypted security questions and answers.

Because Yahoo had more than 1 billion active users and the impact on dormant accounts was unclear, the exact number of people affected by the two attacks remained uncertain at the time. Security professionals regarded the disclosure of a breach so long after it happened as a major failure.

Quora Data Breach (2018)

Quora's warning message about the data breach.

One of the largest breaches of 2018 exposed the data of about 100 million Quora users, roughly half of its user base, after a malicious third party gained unauthorized access to one of Quora's systems. Quora discovered the intrusion on November 30, 2018 and published a statement about it on December 3, 2018.

The company acknowledged the unauthorized access and told users it had identified the root cause and taken steps to prevent a recurrence. The compromised data included account information such as names, email addresses and hashed passwords (bcrypt with a per-user salt, according to Quora), together with data imported from linked networks such as Facebook and Twitter where users had authorized it.

Quora notified law enforcement as soon as it discovered the breach and began an investigation with an outside forensics firm. As a precaution, it logged affected users out of their accounts and invalidated their passwords, forcing a reset. The Quora data breach raised awareness of cybersecurity and data protection, prompting users and businesses alike to be more watchful in securing sensitive data and to strengthen their defences against possible attacks.
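Both the Yahoo and the Quora incidents turn on how passwords were stored: Yahoo's 2013 dump contained unsalted MD5 hashes, while Quora described salted bcrypt hashes. The following Python example, added here and not code from either company or from the original article, shows why that difference matters by running the same dictionary attack against both storage schemes. It uses the standard library's scrypt in place of bcrypt; the wordlist, user names and passwords are constructed for the example.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Constructed wordlist and user tables for this example; no real credentials.
WORDLIST = ["password", "123456", "qwerty", "letmein", "sunshine", "iloveyou"]


def md5_unsalted(password: str) -> str:
    """The Yahoo-era scheme: a fast hash with no salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def crack_md5_dump(dump: Dict[str, str], wordlist) -> Tuple[Dict[str, str], int]:
    """Dictionary attack on unsalted MD5. One hash per candidate is enough to
    test it against every user at once; returns (cracked, hashes_computed)."""
    lookup = {md5_unsalted(w): w for w in wordlist}
    cracked = {user: lookup[h] for user, h in dump.items() if h in lookup}
    return cracked, len(wordlist)


# ~16 MiB of memory per hash; a production deployment would tune these upward.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def scrypt_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, memory-hard hash (stdlib scrypt stands in for bcrypt here).
    Stored as scrypt$N$r$p$salt_hex$dk_hex so parameters can be upgraded later."""
    salt = secrets.token_bytes(16) if salt is None else salt
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${dk.hex()}"


def scrypt_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    _, n, r, p, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.scrypt(password.encode("utf-8"), salt=bytes.fromhex(salt_hex),
                        n=int(n), r=int(r), p=int(p), dklen=32)
    return hmac.compare_digest(dk.hex(), dk_hex)


def crack_scrypt_dump(dump: Dict[str, str], wordlist) -> Tuple[Dict[str, str], int]:
    """Same wordlist against salted scrypt: the per-user salt defeats the shared
    lookup table, so the slow KDF must be rerun for every user and candidate."""
    cracked: Dict[str, str] = {}
    work = 0
    for user, stored in dump.items():
        for candidate in wordlist:
            work += 1
            if scrypt_verify(candidate, stored):
                cracked[user] = candidate
                break
    return cracked, work


if __name__ == "__main__":
    users = [("alice", "password"), ("bob", "letmein"), ("carol", "Tr0ub4dor&3")]
    md5_dump = {u: md5_unsalted(p) for u, p in users}
    print("unsalted MD5:", crack_md5_dump(md5_dump, WORDLIST))
    scrypt_dump = {u: scrypt_hash(p) for u, p in users}
    print("salted scrypt:", crack_scrypt_dump(scrypt_dump, WORDLIST))
```

Against unsalted MD5 the attacker hashes the wordlist once and checks every user against that table, so the cost is independent of how many accounts leaked and precomputed tables work out of the box. With a random per-user salt and a memory-hard KDF, every candidate must be recomputed for every account and each computation is deliberately expensive, so the same leak yields far fewer recovered passwords in the same time. Weak passwords are still recoverable, as the constructed "alice" and "bob" accounts show, which is why the hashing scheme complements rather than replaces MFA and a forced reset after a breach.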


Harper Stewart

With a deep understanding of the complexities of the Dark Web, Harper curates informative and thought-provoking content for our readers. Her knowledge of the hidden corners of the internet and cybersecurity helps shed light on the often mysterious and illicit activities that take place in this realm.