Escalating Cybercriminal Activity: Key Threats Identified on Hacker Forums
In recent weeks, hacker forums have been busy with alleged data breaches, new malware offerings, and the sale of stolen data. SOCRadar’s Dark Web Team has identified several significant threats that have emerged, highlighting the need for organizations to verify such claims quickly and adjust their defenses accordingly. This article delves into the key findings from the dark web, including notable breaches, emerging malware, and the sale of stolen data.
Al Hilal SFC Data Breach
One of the most concerning discoveries this week is the alleged breach of Al Hilal SFC, a prominent multi-sports club based in Riyadh, Saudi Arabia. A post on a hacker forum claims that sensitive data, including financial records, player contracts, and Personally Identifiable Information (PII), has been leaked. The breach reportedly occurred in February 2025, raising serious concerns about the security of sensitive information within sports organizations. The implications of such a breach extend beyond financial loss, potentially affecting the club’s reputation and trust among fans and stakeholders.
Free Mobile Database for Sale
Another alarming revelation involves the alleged sale of a customer database linked to Free Mobile, a major telecommunications provider in France. A hacker claims to have scraped data on 19.2 million users, including 5.1 million IBANs. The dataset reportedly contains a wealth of personal information, such as email addresses, user IDs, names, and subscription details. This is not the first instance of such a claim; a similar post surfaced in October 2024, suggesting that the data may be recycled or resold multiple times. Before treating a post like this as a new incident, organizations should verify the claim: obtain a sample, check that the records are structurally plausible, and compare them against earlier dumps to determine whether the data is recycled or genuinely new.
Japanese Credit Card Records on the Dark Web
The sale of compromised credit card records is another troubling trend observed by SOCRadar. A hacker forum post claims to offer 300 credit card records from Japan, with the seller asserting that roughly 70% of the cards are still live (not yet blocked or cancelled). The dataset includes critical information such as card numbers, expiration dates, CVVs, and personal details of the cardholders. The auction for this dataset is set to conclude within 24 hours, emphasizing the urgency and high stakes involved in the dark web marketplace. This incident underscores the need for consumers and businesses alike to remain vigilant against credit card fraud and identity theft.
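The Free Mobile and Japanese card posts above both call for the same first triage step: before raising an incident, check whether a sample of the claimed records is even structurally plausible, and whether it overlaps with a dump already seen. The following Python is an added example, not SOCRadar tooling or code from any of the posts; the records, the October 2024 "prior dump", and the record format are constructed for illustration. It applies the IBAN mod-97 check and the Luhn check, then fingerprints each record to count how many also appeared in the earlier dump.

```python
"""Triage a sample from an alleged leak: structural checks on IBANs and
card numbers, plus overlap with a previously seen dump.

Added example; the sample records and the prior-dump records are constructed.
"""
import hashlib
import re


def iban_is_valid(iban: str) -> bool:
    """ISO 13616 mod-97 check: move the first four characters to the end,
    map letters to 10..35, and the resulting integer must be 1 mod 97."""
    s = re.sub(r"\s+", "", iban).upper()
    if not re.fullmatch(r"[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}", s):
        return False
    rearranged = s[4:] + s[:4]
    digits = "".join(str(int(c, 36)) for c in rearranged)  # 'A' -> 10, ..., 'Z' -> 35
    return int(digits) % 97 == 1


def luhn_is_valid(pan: str) -> bool:
    """Luhn checksum used by payment card numbers (12-19 digits)."""
    s = re.sub(r"[\s-]", "", pan)
    if not s.isdigit() or not 12 <= len(s) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(s)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def record_fingerprint(email: str, identifier: str) -> str:
    """Stable hash of a normalised (email, IBAN/PAN) pair so dumps can be
    compared without keeping the raw identifiers side by side."""
    norm_id = re.sub(r"[\s-]", "", identifier).upper()
    norm = email.strip().lower() + "|" + norm_id
    return hashlib.sha256(norm.encode()).hexdigest()


def triage(sample, prior_fingerprints):
    """Count records that pass structural checks and records already seen
    in an earlier dump (i.e. likely recycled)."""
    stats = {"total": 0, "structurally_valid": 0, "seen_in_prior_dump": 0}
    for rec in sample:
        stats["total"] += 1
        value = rec["value"]
        valid = iban_is_valid(value) if rec["kind"] == "iban" else luhn_is_valid(value)
        stats["structurally_valid"] += int(valid)
        if record_fingerprint(rec["email"], value) in prior_fingerprints:
            stats["seen_in_prior_dump"] += 1
    return stats


# Constructed "earlier dump" (standing in for the October 2024 post) and a
# constructed sample from the new post. Identifiers are public test values.
PRIOR_DUMP = [
    ("alice@example.com", "GB82 WEST 1234 5698 7654 32"),
    ("bob@example.com", "DE89 3704 0044 0532 0130 00"),
]
PRIOR_FINGERPRINTS = {record_fingerprint(e, i) for e, i in PRIOR_DUMP}

NEW_SAMPLE = [
    {"email": "alice@example.com", "kind": "iban", "value": "GB82WEST12345698765432"},  # recycled
    {"email": "carol@example.com", "kind": "iban", "value": "GB82WEST12345698765433"},  # bad checksum
    {"email": "dave@example.com", "kind": "card", "value": "4242 4242 4242 4242"},       # Luhn-valid
    {"email": "erin@example.com", "kind": "card", "value": "4242424242424241"},          # bad checksum
]

if __name__ == "__main__":
    print(triage(NEW_SAMPLE, PRIOR_FINGERPRINTS))
```

A sample in which few records pass the checksum is more likely fabricated or padded; a sample in which most records match a previous dump is recycled rather than evidence of a new compromise. Neither check proves the data is real, which still requires confirming individual records with the affected organization.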
Emergence of Seraph Stealer Malware
In the realm of malware, the emergence of a new info-stealer tool named Seraph Stealer has raised alarms. This malware is designed to extract sensitive data from compromised systems while evading detection. According to the threat actor, Seraph Stealer can exfiltrate login credentials, system files, gaming platform credentials, and even cryptocurrency wallet information. Instead of a dedicated command-and-control server, it transmits stolen data through Discord webhooks, so the exfiltration traffic is ordinary HTTPS to discord.com and blends in with legitimate use of the service; defenders should therefore watch for POST requests to the Discord webhook API from processes that have no business sending them. Priced at $45 for lifetime access, this malware poses a significant threat to individuals and organizations alike, highlighting the need for robust endpoint security measures.
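Webhook-based exfiltration is detectable precisely because the destination is fixed: Discord webhook URLs have the form `https://discord.com/api/webhooks/<id>/<token>` (also on the legacy `discordapp.com` domain and subdomains such as `canary.discord.com`). The Python below is an added example of detection logic, not part of the original report or of any vendor product; the proxy log format (space-separated `key=value` fields) and the log lines themselves are constructed, and the list of processes allowed to post webhooks is a placeholder an organization would tune.

```python
"""Flag POST requests to the Discord webhook API in proxy logs.

Added example; log format and sample lines are constructed. The allow-list
of legitimate webhook senders is an assumption to be tuned per environment.
"""
import re
from dataclasses import dataclass

# /api/webhooks/<numeric id>/<token>; the id is what you report or block on.
WEBHOOK_PATH = re.compile(r"^/api/webhooks/(\d+)/[A-Za-z0-9_.-]+")
DISCORD_DOMAINS = ("discord.com", "discordapp.com")

# Processes from which a webhook POST is considered expected (assumed; tune this).
ALLOWED_SENDERS = {"discord.exe"}


@dataclass
class Alert:
    ts: str
    host: str
    proc: str
    webhook_id: str
    bytes_out: int
    severity: str


def parse_line(line: str) -> dict:
    """Parse 'key=value key=value ...' into a dict."""
    return dict(re.findall(r"(\w+)=(\S+)", line))


def is_discord_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in DISCORD_DOMAINS)


def detect(lines):
    """Return one Alert per webhook POST; severity is 'high' unless the
    sending process is on the allow-list."""
    alerts = []
    for line in lines:
        ev = parse_line(line)
        if ev.get("method") != "POST" or not is_discord_host(ev.get("dst", "")):
            continue
        m = WEBHOOK_PATH.match(ev.get("uri", ""))
        if not m:
            continue
        proc = ev.get("proc", "")
        severity = "low" if proc.lower() in ALLOWED_SENDERS else "high"
        alerts.append(Alert(
            ts=ev.get("ts", ""),
            host=ev.get("host", ""),
            proc=proc,
            webhook_id=m.group(1),
            bytes_out=int(ev.get("bytes_out", "0")),
            severity=severity,
        ))
    return alerts


# Constructed sample proxy log: two benign Discord requests, one webhook POST
# from a suspicious binary, one from python.exe, one from the Discord client.
SAMPLE_LOG = [
    "ts=2025-02-20T10:01:02Z host=WS-042 proc=Discord.exe method=GET dst=discord.com uri=/api/v9/gateway bytes_out=312",
    "ts=2025-02-20T10:03:17Z host=WS-042 proc=svchost_update.exe method=POST dst=discord.com uri=/api/webhooks/112233445566778899/k3yT0k3n-abc bytes_out=184320",
    "ts=2025-02-20T10:04:40Z host=WS-017 proc=python.exe method=POST dst=canary.discord.com uri=/api/webhooks/998877665544332211/zzzTOKENzzz bytes_out=20480",
    "ts=2025-02-20T10:05:01Z host=WS-009 proc=chrome.exe method=GET dst=discord.com uri=/channels/@me bytes_out=540",
    "ts=2025-02-20T10:06:22Z host=WS-009 proc=Discord.exe method=POST dst=discord.com uri=/api/webhooks/1/abc bytes_out=100",
]

if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(f"{a.severity:4} {a.ts} {a.host} {a.proc} webhook={a.webhook_id} bytes={a.bytes_out}")
```

Because the webhook id identifies the attacker's channel, it is also what to include when reporting the webhook to Discord for takedown, and what to block at the proxy if the organization does not use webhooks at all. In environments that do, alert on the process rather than the destination: an unsigned executable posting hundreds of kilobytes to a webhook is the signal.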
Internal Conflicts within Black Basta Ransomware Group
In a surprising twist, internal chat logs from the notorious Black Basta ransomware group have been leaked, revealing conflicts and defections within the organization. The logs, which span over a year, expose low morale among members, scams involving ransom payments, and disputes among administrators. This leak provides valuable insights into the inner workings of cybercriminal organizations and may serve as a potential opportunity for law enforcement to disrupt their operations. The leaked information also includes Indicators of Compromise (IoCs) that can aid organizations in detecting and mitigating potential threats.
Alleged Data Leak from Investing.com
Finally, a hacker claims to have exploited a vulnerability in Investing.com, a financial markets platform, leading to a significant data leak. The alleged dataset includes information from over 6.4 million users, with records dating back to 2014. The threat actor claims to have identified an Insecure Direct Object Reference (IDOR) vulnerability, in which an endpoint returns the record named by a client-supplied identifier without checking that the requesting user is entitled to it; with predictable identifiers, an attacker can simply iterate through them and harvest other users' data until the flaw is patched, as the actor claims to have done here. This incident underscores the importance of enforcing authorization on every object access and of timely vulnerability management to protect sensitive user data.
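To make the IDOR pattern concrete, here is an added example in Python, not code from Investing.com or from the threat actor's post: a vulnerable profile handler that trusts the requested user id, its hardened form that checks ownership, and a harvesting loop showing why sequential identifiers turn the flaw into a bulk leak. The user table and ids are constructed; a real application would sit behind a web framework, but the authorization logic is the same.

```python
"""IDOR: vulnerable handler beside the hardened one, with an enumeration
loop showing the difference. Added example; the user records are constructed.
"""


class NotFound(Exception):
    pass


class Forbidden(Exception):
    pass


# Constructed user table with sequential ids (the realistic worst case).
USERS = {
    1: {"email": "alice@example.com", "plan": "pro", "joined": "2014-03-02"},
    2: {"email": "mallory@example.com", "plan": "free", "joined": "2024-11-19"},
    3: {"email": "carol@example.com", "plan": "pro", "joined": "2016-07-30"},
}


def get_profile_vulnerable(session_user_id: int, requested_user_id: int) -> dict:
    """Authenticated, but not authorized: any logged-in user can read any
    profile just by changing the id in the request."""
    if requested_user_id not in USERS:
        raise NotFound()
    return USERS[requested_user_id]


def get_profile_fixed(session_user_id: int, requested_user_id: int) -> dict:
    """The requested object must belong to the session user. Unauthorized and
    non-existent ids both raise NotFound so the endpoint does not reveal
    which ids exist."""
    if requested_user_id != session_user_id or requested_user_id not in USERS:
        raise NotFound()
    return USERS[requested_user_id]


def harvest(handler, attacker_id: int, id_range) -> dict:
    """What an attacker obtains by iterating ids against a handler while
    logged in as attacker_id."""
    got = {}
    for uid in id_range:
        try:
            got[uid] = handler(attacker_id, uid)
        except (NotFound, Forbidden):
            pass
    return got


if __name__ == "__main__":
    attacker = 2  # mallory holds an ordinary account
    print("vulnerable:", sorted(harvest(get_profile_vulnerable, attacker, range(1, 6))))
    print("fixed:     ", sorted(harvest(get_profile_fixed, attacker, range(1, 6))))
```

Two points carry over to real systems. First, the fix is an authorization check at the object level; authentication alone does not help, since the attacker here is a legitimate user. Second, where records must be shareable beyond their owner, use an explicit access-control lookup or per-user indirect references rather than exposing the primary key, and rate-limit or alert on clients that walk the id space.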
Conclusion
The recent surge in cybercriminal activity on hacker forums serves as a stark reminder of the evolving threat landscape. Organizations must remain vigilant and proactive in their cybersecurity efforts to safeguard sensitive information and mitigate potential risks. By staying informed about the latest threats and implementing robust security measures, businesses can better protect themselves against the ever-present dangers lurking in the dark web. As cybercriminals continue to innovate and adapt, the need for comprehensive digital risk protection has never been more critical.