Login
Get started
Get started Login
Products
Solutions
KNOWLEDGE
HELP CENTER
COMPANY

Open web

DARK WEB

DATASETS

TECHNOLOGIES

Learn

Your hub for web data

BLOG

Large Language Models: What Your Data Must Include

Large Language Models like ChatGPT, and BERT need huge and quality datasets. Here's what their datasets should include.

Back to all Dark Web Pulses
Web Intelligence

What Threats are Governments Facing on the Dark Web?

January 25, 2022    
What Threats are Governments Facing on the Dark Web?

After 70 Ukrainian government sites were hit by hackers with suspected ties to Russia, our cyber analysts have run a series of checks to investigate the cyber risks governments are facing on the dark web.

Using our database, we searched for government domains and emails, the type of information cybercriminals will need to prepare an attack. These government related keywords returned dozens of thousands of results, every week.

Where are threat actors trading government-related information in the dark web?

The top dark and deep web sites and networks we found information related to governments are:

  • Datastores (marketplaces for stolen data like login credentials, cookies, PIIs, etc.) 
  • Chatting applications 
  • Pastes sites
  • Hackers forums 

Let’s dive into each and understand the type of threats that can be found on them.

Datastores

Here you can find one of the most popular credentials-markets on the dark web, the Russian Market. On this marketplace, we found tens of thousands of results only from the past 3 months that offer domain logins of various governments for sale. These login details can help threat actors gain unwanted access to government systems.

A screenshot of Colombian gov domains logins for sale on Russian Market
A screenshot of Colombian gov domains logins for sale on Russian Market

Chatting Applications

Another popular place we found tens of thousands of results from the last 3 months is Telegram. After filtering out general discussions related to governments, it is easy to spot high risk posts. For example, threat actors selling databases, shells (interface that enables remote access to a web server) and PUA configs (potentially unwanted application configurations on a remote computer or servers) belonging to different governments.

Telegram messages from Webz.io’s Cyber API showing Lebanese government database for sale
Telegram messages from Webz.io’s Cyber API showing Lebanese government database for sale
Telegram messages offering Ohio state config data for sale among others as shown on Webz.io Cyber API
Telegram messages offering Ohio state config data for sale among others as shown on Webz.io Cyber API

Paste Sites

On paste sites, we were able to detect different kinds of content including discussions about attacks and guides on attack methods used to hack into systems of government agencies. We also see actors using this platform to post data leaks.

A leak of data belonging to the Paraguayan Government on Pastebin
A leak of data belonging to the Paraguayan Government on Pastebin

Hacker Forums

Unsurprisingly, Raidforums, one of the most popular hackers forums, is a platform for a lot of illicit content relating to government cybersecurity intelligence. Some of the most common content we find on it are database leaks, discussions between threat actors, and trade of exploits and methods of attacks. For example:

  • Early Indicators of Attack – Discussions that include mentions of information regarding domains. This is often a strong indication that an attack is in the making because it means that the domain is on the radar of threat actors. 
Example of illicit trade of government domains on Raidforums
Example of illicit trade of government domains on Raidforums
  • Early indicator of abuse of email domains –  When a threat actor offers access to email domains belonging to a government, like the type mentioned in the post below, can be used for social engineering. As a result, the actor can obtain sensitive information or gain unlawful access to government assets.   
A post on Raidforums offering access to emails from domains belonging to NASA as well as to the U.S. Government and Senate
A post on Raidforums offering access to emails from domains belonging to NASA as well as to the U.S. Government and Senate

With more and more cyberattacks hitting at government sites and assets, tracking the dark and deep web spaces becomes key to the national security and stability of every country.

Avishag Yulevich
Avishag Yulevich

Senior Cyber Analyst

Spread the News
Previous Post
Next Post

Not subscribed to our Dark Web Pulse updates?

By submitting you agree to Webz.io's Privacy Policy and further marketing communications.

Read More

Could Panasonic’s Breach Have Been Prevented?
January 24, 2022    

Could Panasonic’s Breach Have Been Prevented?

On November 26, 2021, Panasonic joined a long list of companies that suffered a data breach over the past year. See the posts we found in the dark web that could indicate that an attack was in the making.
Top 5 Ransomware Group Trends in 2021
January 24, 2022    

Top 5 Ransomware Group Trends in 2021

Ransomware gangs ramped up their cyber attacks in 2021. Here are 5 trends related to these groups that you need to know.
The Rise in Use of Alternative Social Media Platforms for Illicit Activities
January 24, 2022    

The Rise in Use of Alternative Social Media Platforms for Illicit Activities

The year of 2021 has seen the rise of alternative social media platforms. Discover the top illicit discussion topics we monitored on these sites.

Feed Your Machines the Data They Need

Feed Your Machines the Data They Need

GET STARTED