今日已更新 339 条资讯 | 累计 19899 条内容
关于我们

标签:#darkweb

找到 1 篇相关文章

AI 资讯

"KakaoTalk Source Code for Sale" — Anatomy of a Dark-Web Claim, the Real Target, and the Blast Radius If It's True

id CTI-2026-0708-KAKAO title "KakaoTalk Source Code for Sale" — Anatomy of a Dark-Web Claim, the Real Target, and the Blast Radius If It's True subtitle Not a data breach but a leak of intellectual property and infrastructure. Title says KakaoTalk, repo names say ZigZag — an extortion pitch built on a misattributed target author Dennis Kim / HoKwang Kim email gameworker@gmail.com github gameworkerkim date 2026-07-08 classification TLP:GREEN severity HIGH (conditional — CRITICAL if verified) lang en tags Source-Code-Sale · Dark-Web · Extortion · Target-Misattribution · Kakao-Style · ZigZag · Supply-Chain · LLM-Weaponization · DPRK-APT · Secret-Sprawl threat_actors ExtortionLord (unidentified dark-web forum seller) frameworks MITRE ATT&CK · NIST SP 800-207 (Zero Trust) · SLSA / SSDF (SP 800-218) · PIPA Art. 34 (Korea) license CC BY-NC-SA 4.0 "KakaoTalk Source Code for Sale" — Anatomy of a Dark-Web Claim, the Real Target, and the Blast Radius If It's True Report ID CTI-2026-0708-KAKAO · Published 2026-07-08 · Classification TLP:GREEN · Severity 🔴 HIGH (conditional) Author Dennis Kim / HoKwang Kim · gameworker@gmail.com · @gameworkerkim 🌐 한국어 · English (this document) Not a data breach but a leak of intellectual property and infrastructure. The title says KakaoTalk, the repository names say ZigZag — an extortion pitch built on a misattributed target. Table of Contents Executive Summary (TL;DR) Framing — Not "What's Being Sold" but "What's at Stake" The Claim — Anatomy of the Listing The Real Target — Title Says KakaoTalk, Fingerprints Say ZigZag Credibility Assessment — Why We Can't Trust It Yet Blast Radius If True — Why It Exceeds TVING and CU Three-Breach Severity Comparison — Data Leak vs. Code/Infra Leak Korean Context — The Next Stage of the B2C Breach Chain Detection, Mitigation, and Response Recommendations Conclusion References 1. Executive Summary (TL;DR) In early July 2026, a threat actor calling itself "ExtortionLord" posted a dark-web forum listing offering

2026-07-08 原文 →