Iranian laboratories likely experienced a breach, leading to the compromise of their data on a notable hacker forum.
Names, phone numbers, and additional health-related records were part of the exfiltrated database, as noted by Threat Intelligence Platform Falcon Feeds in a tweet.
However, the veracity of the records featured in the purported Iranian laboratories data sale remains unverified.
Iranian Laboratories Data Sale
The above screenshot from the hacker forum announced the Iranian laboratories data sale with the claim that they had access to the target’s databases.
They wrote that they were in possession of data belonging to 600 top Iranian laboratories. The data included 65 million records being put on sale on the dark web.
The database encompassed a range of crucial information, comprising complete names, both home and mobile phone numbers, age, specific insurance types, disease records, attending doctors’ names, as well as national codes or Social Security Numbers (SSNs).
The hacker forum user claimed that the Iranian data leak had pictures alongside each person’s record. “I’ve dumped 2 million records as proofs,” the user posted on the dark message.
The user indicated that access to the comprehensive dataset would be granted to those who make the payment, as stated in the dark web post.
Additionally, they extended an offer to assist purchasers of the Iranian laboratories dataset by providing instructions on retrieving all the available information.
They were selling the Iranian laboratory data for US $5,000 and denied answering questions on the hacker forum.
Other contact details were offered to negotiate the dark web trade involving laboratory data from 600 organizations in Iran.
The names of the affected Iranian laboratories were not mentioned in the tweets made by Falcon Feeds.
Other Hacker Forum Trade
Another recent report from the hacker forum brought to light a trade involving the sale of data from Tamin.ir. The named website was of Iran’s Social Security Organization which was accessible at the time of writing.
The user on the hacker forum claimed to have a full database from the Iranian website and was found selling usernames and passwords to buyers. “I’ll sell the access (username/password) so you can get as much as information you want,” the hacker forum user wrote.
The data was arranged for sale for $2,000.
Researchers also uncovered instances of data being sold from Chinese and Vietnamese websites. From a website in China, a dataset of approximately 479,082,385 records was linked to the Ministry of State Security and surfaced on the hacker forum.
Among the Vietnamese targets were listed the names of Yola.vn, an educational institution, and The Bad God, a clothing store in Hanoi.
The individual was offering the compromised data from The Bad God for a price of $300, payable in Bitcoin and Monero. All the named websites were accessible when checked by the Cyber Express.
Besides databases from company websites, a user was found selling Quark Drainer on the hacker forum.
Quark Drainer was a cryptocurrency drainer that worked on several wallets including Metamask, TrustWallet, and Coinbase.
Quark Drainer that could make transfers among other illicit tasks was offered on sale with installation details, technical support, a manual, etc.
It was offered on a monthly subscription of $100. An advertisement for the Quark Drainer on Medium read, “What’s the purpose of this since you’re not poor?”
“It’s motivation for development. Searching for any new vulnerabilities and private implementations in the drainer functionality so that it would always remain truly #1 on the market,” the blog added.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
