Kaspersky Exposes 40,000 Dark Web Posts Trading Corporate Secrets, With a Disturbing Surge in Unauthorized Access Offers

Kaspersky Digital Footprint Intelligence unveils 40,000 dark web posts spanning two years, revealing a thriving marketplace for the sale of internal corporate information. Cybercriminals orchestrate these posts, resulting in a 16% increase in unauthorized access offers, impacting every third company globally. Swift identification and response, continuous dark web monitoring, and comprehensive incident response plans are crucial for businesses to safeguard against escalating cyber threats.


13 December 2023 – In a concerning revelation, the Kaspersky Digital Footprint Intelligence team has exposed nearly 40,000 dark web posts spanning the past two years, illuminating a thriving marketplace for the sale of internal corporate information. Orchestrated by cybercriminals, these posts serve as hubs for the illicit trading, selling, and distribution of data pilfered from various companies through cyberattacks. Notably, there has been a disturbing 16% increase in posts offering unauthorized access to corporate infrastructures, impacting every third company worldwide, as indicated in dark web references associated with data or access sales.

Between January 2022 and November 2023, Kaspersky’s experts diligently observed an average of 1,731 dark web messages per month, unveiling the extensive sale, purchase, and distribution of internal corporate databases and documents. This comprehensive monitoring encompassed dark web forums, blogs, and shadow Telegram channels, providing insights into the global landscape of cyber threats.

The surge in dark web messages advertising pre-existing access to corporate infrastructures has become a prominent trend, with over 6,000 such messages recorded in the period from January 2022 to November 2023. This represents a 16% rise in the average monthly messages, underlining the growing risk of unauthorized access. Despite the seemingly modest number of messages, the potential magnitude of the issue is substantial, especially in the face of the imminent threat of supply chain attacks. Even breaches targeting smaller companies could escalate, impacting numerous individuals and businesses globally.

Anna Pavlovskaya, an expert at Kaspersky Digital Footprint Intelligence, sheds light on the intricacies of these dark web transactions. She explains that not every message on the dark web contains unique information, as cybercriminals often employ repetitive tactics. For instance, when malicious actors aim to swiftly sell data, they may post it on different underground forums to reach a broader audience of potential criminal buyers. Furthermore, she highlights the creation of ‘combolists,’ databases aggregating information from previously leaked databases, as a prevalent practice.

To fortify the security of businesses globally, Kaspersky Digital Footprint Intelligence experts delved into mentions of 700 random companies in 2022. The findings unveiled that one in three organizations, totaling 233 companies, were referenced in dark web posts related to the illicit exchange of data. The references specifically involved data breaches, stolen access to infrastructure, or compromised accounts, emphasizing the pervasive nature of cyber threats.

For more in-depth statistics on dark web discussions, readers can refer to Securelist. Additionally, the Kaspersky Digital Footprint Intelligence website offers a comprehensive incident response playbook to aid businesses in handling leak-related incidents effectively. In the face of escalating threats, implementing robust security measures is crucial. Swift identification and response to data breaches, continuous monitoring of the dark web, preparation of communication plans, and development of comprehensive incident response protocols are recommended to mitigate risks and protect against cyber threats.

Author: Terry KS

Share This Post On