Thanks to our analyst and content teams, DarkOwl published over 110 pieces of content last year, a new record for the team. DarkOwl strives to provide value in every piece written, highlighting new darknet marketplaces and actors, trends observed across the darknet and adjacent platforms, exploring the role the darknet has in current events, and highlighting how DarkOwl’s product suite can benefit any security posture. Below you can find 10 of the top pieces published in 2023.
Don’t forget to subscribe to our blog at the bottom of this page to be notified as new blogs are published.
The world was shocked by the invasion of Hamas insurgents into Israel along multiple entry points from the Gaza Strip on October 7, 2023. This has led to a huge number of posts, images and videos being shared of the incursion and atrocities on social media but also on the dark web and dark web adjacent sites.
DarkOwl analysts are closely monitoring this situation and have identified a wealth of information being shared, some of it legitimate and some likely to be disinformation. In this blog, we provide information relating to known cyber groups active on Telegram and how they have reacted to the invasion. Some groups quickly pledged their support for one side or the other. Read blog here.
For Valentine’s Day, our analysts put together a piece to shed light on romance scams – one of the fastest growing schemes across the globe. In the last decade, dating apps and websites have skyrocketed in popularity. As a result, nefarious actors have similarly sought to capitalize on this booming industry by exploiting and scamming its users. In fact, according to the Federal Trade Commission (FTC), the number of reported romance scams tripled in size from 2017 to 2021. Romance scams are part of a complex criminal enterprise that exploits unassuming individuals emotionally and, sometimes, with devastating financial consequences. Full blog here.
When Hamas militants entered Israel along several fronts on 7 October 2023, Israel and the world were shocked. As events have unfolded, this has turned to disbelief that Hamas were able to mount such a complex and successful attack without prior intelligence indicating an attack. In the months and years to come people will surely reflect on the entirety of intelligence failures that led to these events, but initial reports seem to suggest that Hamas succeeded by “going dark.”
DarkOwl analysts reviewed our coverage of Hamas-linked Telegram channels to identify if there was any change in their activity preceding the assault. We identified that there was a period of inactivity in the run-up to the attacks for some but not all of the channels. This could have been a coincidence, and we have seen no hard evidence suggesting that the period of inactivity was a precursor to the invasion. However, it is important to monitor the activity of pro-Hamas Telegram channels to establish if there were any patterns to the posts.
In this blog, we review some of the channels we are currently monitoring. Read blog here.
In DarkOwl’s Darknet Marketplace Snapshot blog series, our researchers provide short-form insight into a variety of darknet marketplaces: looking for trends, exploring new marketplaces, examining admin and vendor activities, and offering a host of insights into this transient and often criminal corner of the internet. This edition features Styx market. Styx is a darknet marketplace selling illegal techniques for committing fraud, money laundering, and access to stolen data. Chatter on the darknet around Styx market first appeared in 2020 before the marketplace officially opened in mid-January 2023. Styx market offers stolen data as well as a variety of products for conducting illegal cyber activities. Learn more about Styx here.
The darknet is home to a diverse group of users with complex lexicons that often overlap with the hacking, gaming, software development, law enforcement communities, and more. DarkOwl’s Glossary of Darknet Terms is a continually evolving resource that defines the common vernacular, slang terms, and acronyms that our analysts find in places like underground forums, instant messaging platforms (such as Telegram), as well as in information security research pertaining to the darknet. Check it out.
DarkOwl analysts have assembled a list of Telegram channels commenting on the current conflict in the Middle East. It is important to note that the channels labeled hacktivists are hacker groups, people actively DDoSing websites (distributed denial-of-service attacks), defacing websites, etc. Conflict media includes channels that are not related to hacking but are sharing various forms of near-real-time content from the conflict in the form of text, audio, images, and video. Analysts have found that there is more propaganda and misinformation on the conflict media accounts versus the hacktivist accounts (not to say that it does not exist). Full list here.
Many times we use the words “scam” and “fraud” interchangeably. Fraud is an umbrella term, legally referring to various types of chargeable criminal offenses. Scams, on the other hand, are a particular segment of fraud. One way to think about the difference between these two is from a legal perspective. Fraud is serious criminal business, while scams are considered more minor offenses in comparison. Many types of fraud are classified as felonies, versus scams which are typically charged as misdemeanors. Another way to look at it is from a bank’s perspective. Financial institutions differentiate the two as such: scams are theft of funds with your permission or knowledge, while fraud is financial theft without your permission or knowledge. This blog explores the differences. Read blog here.
The darknet (or “dark web”) is a thriving ecosystem within the global internet infrastructure that many organizations struggle to incorporate into their security posture, but it is becoming an increasingly vital component. In certain cases, that is because taking raw data and turning it into actionable security intelligence requires leveraging DARKINT – or data points sourced from the darknet and other OSINT sources that together form a risk and/or investigative portfolio. Learn more.
Genesis Market is a well-known darknet exchange that specializes in the sale of identity and account-takeover tools – which, in the case of this forum, primarily means the sale of compromised personal devices via the use of malware. When a buyer obtains a “bot” from Genesis Market, they are actually purchasing persistent remote access to an unsuspecting victim’s computer. In April, the United States Federal Bureau of Investigation announced the seizure of the criminal forum Genesis Market in an internationally coordinated effort dubbed “Operation Cookie Monster.” Our analysts detected the disruption in Genesis Market in the early afternoon of Tuesday, April 4th, which is consistent with other accounts that also saw the popular marketplace replaced with the law enforcement landing page at that time. Full blog here.
The letter “Z” has been heavily used as a pro-Russian invasion propaganda motif since the early days of the invasion in 2022. The “Z” symbol is often associated with images of Russian leaders in the government or military. The symbol is also commonly associated with Russian war journalists, soldiers, and other Kremlin supporters typically used as vehicles for misinformation campaigns on chat platforms like Telegram. The media commonly refers to this group of individuals as the “Z bloggers”, the “Z Army”, and more generally as war influencers. This blog will take a look at recent posts from 3 different “Z blogger” channels in an effort to better understand how this content has recently been utilized as a propaganda motif. Read blog here.
Thank you to everyone who reads, shares and interacts with our content! If there is anything you would like to see more of, let us know by writing us at [email protected]. Can’t wait to see what 2024 brings! Don’t forget to subscribe to our newsletter below to get the latest research delivered straight to your inbox every Thursday.