Content, Content, Content: Top Blogs from DarkOwl in 2024

January 07, 2025

Thanks to our analyst and content teams, DarkOwl published over 115 pieces of content last year, another new record for the team. DarkOwl strives to provide value in every piece written, highlighting new darknet marketplaces and actors, trends observed across the darknet and adjacent platforms, exploring the role the darknet has in current events, and highlighting how DarkOwl’s product suite can benefit any security posture. Below you can find 10 of the top pieces published in 2024.

Don’t forget to subscribe to our blog at the bottom of this page to be notified as new blogs are published.

1. The Rise and Fall of Breach Forum… For Now?​

In May, the popular data sharing dark web forum, BreachForums was seized by Law Enforcement. At the time of writing one of the clearnet mirrors was still up and pointing to a new Telegram channel promising to be back soon. 

By 23 May, BreachForums was back with a new onion address, the administrators ShinyHunters announced the new site on Telegram. Initially only those who had previously had an account were able to enter. Whereas its predecessor had many open areas the new site required users to login before any information could be shared. However, a few days later registration was opened. 

Many in the community have speculated that this new site is a honeypot from Law Enforcement and are avoiding it. However, ShinyHunters have been posting large leaks from well know organizations such as Ticketmaster which some have speculated is to increase interest in the site again. Read blog here.

2. 😈 The Dark Side of Emojis: ☠️ Exploring Emoji Use in Illicit and Underground Activities 😈 

Did you know that there are 3,664 emojis available in the United States alone? Emojis, the small digital icons used to express emotions, ideas, or objects, continue to be an integral part of modern digital communication. And while their innocuous appearance is often benign, there continues to be a growing body of evidence that bellies a darker side. A darker side that supports illicit and underground activities. Criminals continue to exploit emojis to communicate covertly, conducting illegal transactions and targeting innocent victims all while evading law enforcement and text-based detection systems.  

To celebrate World Emoji Day, this blog highlights some of the emojis used in illicit and underground activities. We will dive into how emojis are evading law enforcement and text-based detection systems. This is by no means an exhaustive list of contributing factors but merely an analysis of common overlapping gaps. Full blog here.

3. StarFraud Chat – Telegram Channel Analysis using AI

In the digital age, understanding user behavior and engagement within online communities is crucial for any OSINT or dark web investigator. Increasingly, Telegram channels have been used by threat actors to communicate, sell illicit goods, share disinformation, and generally communicate among other activities. Monitoring of these channels is important to track the activities of these groups and mitigate any threats they may pose to individuals and/or organizations.  

However, the amount of data that can be included in these channels can be very large in volume. DarkOwl, therefore, wanted to establish if AI (artificial intelligence) could be used to analyze the data included in a specific channel and what could be discerned from that data. Read blog here.

4. Site Spotlight: Doxbin

The site Doxbin is a paste site which allows users to post information in text format about other individuals, usually containing personal identifiable information (PII). Information is posted for a range of alleged reasons, which are usually provided in the title of the dox and can contain extensive information about individuals. Although this site is currently hosted on the clearnet and maintains an official Telegram channel, the site originally operated as an .onion site and is still used by dark web affiliated individuals. 

In this blog, we explore the history of the site, who is behind it and the impact that it can have on the victims of a dox, as well as alleged recent activity related to the reported owner. Read more.

5. Darknet Marketplace Snapshot Series: Dark Empire Market 

Darknet marketplaces (DNMs) are synonymous with where on the dark web users can buy and sell illicit goods.  

Traditional DNMs are defined as dark or deep web sites where numerous (often hundreds) vendors can sell various types of products ranging from drugs, digital goods, leaked databases, counterfeit documents, credit cards, etc.

As we continue our Darknet Marketplace snapshot series we will review Dark Empire Market, one of the most popular marketplaces available on the darknet today. Check it out.

6. Threat Actor Spotlight: SCATTERED SPIDER

In the digital age there are many groups of threat actors that operate in the cyber realm targeting different industries, countries and have different motivations. It is important to monitor these groups in order to identify who they are likely to target, what methods they are using and how they are operating. In this blog, we explore one such group known as SCATTERED SPIDER (SS) by security researchers. Read more.

7. Actor Spotlight: ShinyHunters

For fans of Pokémon, the name ShinyHunters refers to a practice of seeking out, capturing and collecting shiny Pokémon. However, on the dark web the term has a much more nefarious meaning.  

ShinyHunters is a cybercriminal group known for their high-profile data breaches and relentless pursuit of sensitive information, and has carved out a reputation as one of the most prolific and dangerous actors in the cybercrime arena.  

In this blog, we will take a deeper dive into their activities and their association with the dark web forum BreachForums. Read blog here.

8.  Darknet Marketplace Snapshot Series: Ares Market

Dark web marketplaces are synonymous with the dark web where users can buy and sell illicit goods. It began with Farm Market, followed by the more prolific Silk Road. Ever since Silk Road was taken down by law enforcement, different markets have jostled for supremacy. As such, dark web markets are perhaps one of the more recognized things to appear on the dark web and they operate just like surface web marketplaces with reviews, escrow services and reputations.  

However, in recent years law enforcement have become more and more successful at shutting down these marketplaces, meaning that the vendors have to move to new areas. There have also been a number of exit scams from marketplaces with the admins closing down the site and taking the funds in escrow. 

Originally established in 2021, Ares Market is a well-known marketplace that offers a variety of products, from illicit substances and pharmaceutical substances to digital fraud products ranging from credit card fraud, cryptocurrency fraud, malware source code as well as a robust variety of counterfeit products like currency and IDs. Learn more.

9. ISIS Activity on Messaging Apps

The Islamic extremist group formerly known as ISIS (Islamic State of Iraq and Al-Sham) or IS (Islamic State), a designated terrorist group, came to prominence in 2014, formed from al-Qaeda linked groups, declared itself a caliphate and occupied territory in Iraq and Syria. IS is a transnational Islamic extremist movement that now has more widespread support today in parts of Africa and Asia than at the time of its formation in 2014. The group has been responsible for and inspired terrorist attacks throughout the world, killing and injuring thousands. In this blog, DarkOwl analysts review recent terrorist attacks from IS and the groups activity on Telegram and Rocket.Chat. Full blog here.

10. Gaming and the Darknet

In celebration of National Video Game Day on July 8th, this blog examines the intersection between gaming and darknet communities, notably instances of criminal activity targeting gamers or carried out by gamers themselves. This blog will highlight the prevalence of hacking in gaming communities—stolen accounts, pirated games, leaked data, etc.—as well as the infiltration of violent extremist ideologies into certain gaming communities. Read blog here.

2024, That’s a Wrap!

Thank you to everyone who reads, shares and interacts with our content! Anything you would like to see more of, let us know by writing us at [email protected]. Can’t wait to see what 2025 brings! Don’t forget to subscribe to our newsletter below to get the latest research delivered straight to your inbox every Thursday.

See why DarkOwl is the Leader in Darknet Data

Copyright © 2024 DarkOwl, LLC All rights reserved.
Privacy Policy
DarkOwl is a Denver-based company that provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data. We shorten the timeframe to detection of compromised data on the darknet, empowering organizations to swiftly detect security gaps and mitigate damage prior to misuse of their data.