During our routine Dark web monitoring, the Research team at Cyble found multiple posts where the Threat Actors are selling alleged data leaks related to Chinese citizens. The alleged leaks could be related to Gongan County, Weibo, and QQ as shared by the actors in the posts.
- Gong’an County is in southern Hubei province, People’s Republic of China, bordering Hunan to the south. It is under the administration of Jingzhou City.
Sample data of alleged 999 household registrations of Chinese citizens from Gong’an county was shared as proof.
After the analysis of sample data by our researchers, it was noticed that –
- Id
- Sex
- Name
- Birth
- Mobile
- Address, and
- Code number
of 7.3 million Chinese citizens are available for sale.
2. Weibo is a platform based on fostering user relationships to share, disseminate and receive information. Through either the website or the mobile app, users can upload pictures and videos publicly for instant sharing, with other users being able to comment with text, pictures and videos, or use a multimedia instant messaging service. The threat actor was selling 41.8 million records on a Russian-speaking cybercrime forum. Screenshot shared below –
During the analysis of the sample data, it was noticed that the weibo_id and respective mobile number were listed in an excel sheet. The threat actor is selling details of 41.8 Million chinese users on the darkweb
3. QQ is an instant messaging software service and web portal developed by the Chinese tech giant Tencent. QQ offers services that provide online social games, music, shopping, microblogging, movies, and group and voice chat software. The threat actor is selling details of 192 Million Chinese users on the darkweb
During the analysis of the sample data, it was noticed that the qq number and respective mobile number were listed in an excel sheet.
Here are a few ways to prevent cyber-attacks:
- Never click on unverified/unidentified links
- Do not open untrusted email attachments
- Only download media from sites you trust
- Never use unfamiliar USBs
- Use security software and keep it updated
- Backup your data periodically
- Keep passwords unique and unpredictable
- Keep Software and Systems up to date
- Train employees on Cyber Security
- Set up Firewall for your internet
- Take a Cyber Security assessment
- Update passwords regularly
About Cyble
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the darkweb. Cyble’s prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Startups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence.