Normal_Student @KNormal_Student
Cyber Security & Threat Intelligence Reaserch contact : [email protected] signal : KNormal_Student.27 Republic of Korea Joined October 2024-
Tweets16
-
Followers28
-
Following94
-
Likes182
🚨 DDOS Alert #RipperSec published another anti-Israel themed targeting post referencing accessible[.]org[.]il. Observed: • Claimed target: accessible[.]org[.]il • Infrastructure details disclosed (IP / ISP / ports) • WAF presence referenced • Propaganda-oriented messaging • No publicly verified evidence of compromise observed at this time #ThreatIntel #Hacktivism #OSINT #CyberThreat #DDoS
🇰🇷 Threat actors are publicly distributing an alleged dataset linked to WHIF.io, a South Korean AI character chat and storytelling platform operated by Bunker Kids Co., Ltd. According to the underground post, the leaked dataset allegedly contains approximately: • 313,000 records • structured JSON-style exports • user/account-related information • profile and application metadata Publicly available information indicates WHIF is a South Korea-based AI entertainment/chat platform focused on story-driven AI interactions and webtoon-style experiences. At this stage, the authenticity, scope, and origin of the alleged dataset remain unverified. As with many underground leak claims involving consumer AI platforms, it remains unclear whether the data represents: • a direct platform compromise • exposed APIs or databases • scraped public content • third-party integrations • or repackaged historical data If confirmed, the exposure could create risks including: • phishing campaigns • account takeover attempts • creator/user impersonation • spam operations • and social engineering targeting platform users AI-driven social and entertainment platforms continue to attract underground attention due to their rapidly growing user bases, behavioral data, and integrated social ecosystems. Daily Dark Web is continuing to monitor the situation. #SouthKorea #Korea #CyberSecurity #DataBreach #ArtificialIntelligence #ThreatIntelligence #DDW #Intelligence
Pro-Russian hacktivist group “NoName057” claimed DDoS-style attacks targeting multiple Ukrainian private security companies and organizations. Referenced targets included: • Alliance-Security • PHOENIX-S • ELIT-GROUP • Ukrainian Federation of Security Professionals • Security and Safety Group • Security Kyiv • Security LTD • Kruk The group shared multiple check-host[.]net links as claimed outage evidence under #OpUkraine messaging. #ThreatIntel #CyberThreat #Hacktivism #OSINT
⚠️ Breach Claim Update reported by #Team_D4rkn3ttz @KNormal_Student The threat actor group APT IRAN has released a Proof-of-Concept (PoC) claiming access to Lockheed Martin’s infrastructure. The shared material includes: • what appears to be an internal email interface • Claimed evidence of system access (PoC-1) The actor reiterates earlier claims of: • F-35 and defense-related materials • Employee and internal communications data ⚠️ At this stage: • The PoC does not independently confirm full compromise • The origin and authenticity of the remain unverified #APTIRAN #LockheedMartin #CyberThreat #ThreatIntel #DataBreach
⚠️ Critical Access Sale Reported by #Team_D4rkn3ttz @KNormal_Student A threat actor on a cybercrime forum is offering full access to Rosseti (ПAO Россети) — one of Russia’s largest power grid operators. Key claims from the listing: • Domain Admin privileges across ~500 hosts • Windows environments (Win7–11 / Server 2012–2022) • Access via RDP, AnyDesk, OpenVPN configs, and C2 beacons • Presence of AV solutions (Kaspersky, Avast) 📦 Data exfiltration (claimed): • ~3 TB total data dump • Corporate email archives • Internal documentation across multiple branches • Personal data of employees & customers (millions of records) • Credentials to internal systems ⚠️ At this stage: • The claim remains unverified #Rosseti #CriticalInfrastructure #AccessBroker #CyberThreat #ThreatIntel
⚠️ Website Defacement Detected by #Team_D4rkn3ttz @KNormal_Student On February 24, 2026, the website gsdreamjob[.]or[.]kr was observed displaying a defacement page attributed to Z-BL4CX-H4T-ID (Indonesia). 📡 Detection Source This incident was automatically detected through BLKIntel, our internally developed threat intelligence monitoring platform. 🔎 Assessment • This appears to be a web defacement incident, not a data breach claim. • No immediate evidence of backend database exposure observed at this stage. • Attribution aligns with previous Indonesian hacktivist patterns targeting random .kr domains. #ZBL4CXH4TID #Defacement #SouthKorea #CyberThreat #ThreatIntel
⚠️Threat Detection reported by #Team_D4rkn3ttz @KNormal_Student On February 15, 2026 (08:00 PM), the hacktivist group RipperSec II published an attack order targeting: • m.kfb.or.kr • ISP referenced: Korea Federation of Banks Detection: The threat from that Rippersec was discovered using a platform created by the analyst. #RipperSec #SouthKorea #OpKorea #CyberThreat #ThreatIntel #Hacktivism
🚨 Threat Detection Update by #Team_D4rkn3ttz @KNormal_Student On February 15, 2026, the hacktivist group BD Anonymous published an attack order under the name “Operation South Korea”, targeting ktoa[.]or[.]kr. The post included: • Claimed attack time (13:30) 📡 Detection Source: The 2nd and 3rd screenshots show this activity being detected and tracked through a custom-developed monitoring platform, built to identify hacktivist threat signals in real time. Through the platform, we were able to: • Detect the post within minutes of publication • Comprehensive monitoring and detection, automatic feed generation, etc. #BDAnonymous #RipperSec #OperationSouthKorea #OpKorea #CyberThreat #ThreatIntel
⚠️ Activity Update reported by #Team_D4rkn3ttz @KNormal_Student @none_028 We observed a South America–based Telegram channel sharing multiple “result” files allegedly related to activity against a Korea Health Industry Development Institute (KHIDI) domain. The channel posted : • Multiple .txt result files labeled as “Nodo 1 / Nodo 2 / Nodo 3 (100 max.)” • Multiple email addresses and passwords • References to the target domain within the file names #KHIDI #SouthKorea #DDoS #CyberThreat #ThreatIntel
⚠️ Threat alert reported by #Team_D4rkn3ttz @KNormal_Student @none_028 ⏱ Timeline — RipperSec Attack Order (Follow-up) 📅 February 6, 2026 | 20:00 (claimed time) The hacktivist group RipperSec published a follow-up attack order post, this time explicitly targeting a South Korean government-related domain. Details shared by the actor: Target URL: dapa[.]go[.]kr (Defense Acquisition Program Administration) Claimed IP, Ports mentioned ISP referenced: SK Broadband Co., Ltd. Message included political and ideological statements related to Israel and arms supply 🔎Assessed as threat signaling / psychological pressure, not verified compromise #RipperSec #DAPA #SouthKorea #OpKorea #CyberThreat #Hacktivism #ThreatIntel
Threat alert reported by #Team_D4rkn3ttz @KNormal_Student @none_028 Timeline — RipperSec Attack Order February 5, 2026 | 20:00 (claimed time) The hacktivist group RipperSec published an attack order post targeting a South Korea–related web service. Details shared by the actor: Target URL: hd[.]com/kr/main Claimed IP, Ports, Hosting provider referenced Message included political and ideological statements #RipperSec #SouthKorea #OpKorea #CyberThreat #Hacktivism #ThreatIntel
🚨 Major multi-dataset leak claim reported by #Team_D4rkn3ttz @KNormal_Student We have identified a series of large-scale data leak claims posted on the DEDSEC Telegram channel. According to the actor, the following datasets were exposed: • 🇨🇳 China loan records (2024) • 2TB SQL database allegedly containing Chinese government citizen data • 🇨🇳 Shanghai Government dataset (49GB) • Additional large personal/address datasets (names, ID numbers, phone numbers, birthdates, addresses, etc.) The screenshots show structured JSON/SQL entries including fields such as: – Name – Phone number – Gender – Birthday – ID/ID card – Address – Company / industry chain data – Various metadata fields #DataLeak #China #Shanghai #DEDSEC #CyberThreat
@KNormal_Student, an analyst from Team D4rkn3ttz, will be presenting at this year's HolyShield Conference 2025 on the topic: “From Bluster to Threat: A Real-World Hacktivist Experience.” Those interested can register to attend via the link below. holyshield2025.com/conference We look forward to your participation!
Reported by #Team_D4rkn3ttz @KNormal_Student Further analysis revealed that the blockchain wallet used in the SK Telecom data breach incident is identical to those associated with #CyberSell666 and #DigitalGhost. These wallets were previously linked to the NATO data breach incident. Confirmed wallets: • BTC: bc1q5v7y5r5fkm80cnhp7fuwrx6expyeyhnhnns2sc4z0ma3kfc83apq7j736r (mixing address) • BTC(2): 14v1giLjrV1kDJ55cAfu74Cv1EvmJpLYMH • ETH: 0x07B06eA0aa2224cC7e37DcB2d8BE6BD7e4f63019 • SOL: GCirGRQc8tZKMncvGhQVSGb18pnGHsAM9BEtRkh5MuUV The same BTC wallet was found in the NATO dataset sale reported by CyberSell666 (Source: cybershafarat.com, July 19, 2025). Additionally, the Tmap dataset reappeared, suggesting reused or duplicated content. #SKTelecom #DataLeak #DigitalGhost #CyberSell666 #Rubicon #CyberThreat #Blockchain #ThreatIntelligence
Indie 🎨 @vemxq96iop
100 Followers 332 Following Gazing at the Sagrada Familia, Barcelona’s masterpiece left me in awe of Gaudí’s visionary art.
All Might @AllMightg88
1 Followers 25 Following
UwU @keuynascle
1 Followers 390 Following
Fusion Intelligence C... @stealthmole_int
125K Followers 11K Following StealthMole : #Criminal #Intelligence #Profiling #Investigation Platform, #OSINT #DarkWeb #DeepWeb #Leaked #DataBreach #Terror #Drugs #Cryptoassets #Ransomware
lazarusholic @lazarusholic
2K Followers 816 Following a big fan of #LAZARUS. Everyday is https://t.co/BDseMuN8KV, 🇰🇵 #DPRK, #CTI
Sungyup Nam @REDPACK_kr
350 Followers 919 Following CTO@78ResearchLab Ph.D.@Cybersecurity I'm interested in Windows LPE exploit, APT, Password Cracking, Deep Learning(specially GANs)
CHA Minseok(Jacky) @mstoned7
3K Followers 5K Following CHA is my family name. Threat Intelligence Researcher at AhnLab / Keybase : mstoned7 , Signal : mstoned7.21 / Tweets are my own.
ASilva @asilva_fk
135 Followers 1K Following
Youssef Madkour @M4lB3nder
57 Followers 939 Following Malware Researcher & Detection, Threat Analyst
D00m4 @D00m4_
1 Followers 20 Following
Vice Aliyah @tarotreading33
48 Followers 238 Following
곽근진 @jaejin2348
1 Followers 40 Following
s4db0y @Fusshaing
0 Followers 74 Following
Misa @Miisa_nYu
4 Followers 239 Following
锦李 @lbai55373
3 Followers 120 Following
RamenMan @notChojin
120 Followers 353 Following サイバーセキュリティに興味があります | OSINTメイン⇔技術面は未熟 | 音楽はVaundyとヨルシカばかり聴いています | Cyber Security / APT group
mak3bread @mak3bread
39 Followers 176 Following Bug Bounty Hunter | CTF with @rubiyalab @DeadSecCTF @malta_ctf
clay419 @cl4y419
81 Followers 143 Following
Young Chae, Seo @ycs3o
9 Followers 38 Following
Kaia Korea 🇰🇷 @KaiaChain_KR
10K Followers 86 Following 아시아 전역의 스테이블코인 결제 및 온체인 금융 인프라. Born from Kakao and LINE. @KaiaChainㅣ@BuildonKaia | @PlayonKaia
Seungjoo Kim (김승�... @skim71
4K Followers 2K Following Professor of @CysecSchool at Korea Univ. / Adviser of CyKor (DEFCON CTF 2015 & 2018 Winner) / Black Hat Asia Review Board / (Former) Team Leader of KISA
Aaron Jornet @RexorVc0
5K Followers 400 Following Threat Researcher at @socradar | Malware Researcher | Threat Hunter | CTI ¦ Former @ElevenPaths @Panda_Security 📖Book: https://t.co/ZmIUPBuNKG
GroundHog @AnalystHog_Gro
150 Followers 771 Following Researcher/Cyber Security Policy/National Security/OSINT analysis/South East Asia/China
GeekNews @GeekNewsHada
27K Followers 3 Following GeekNews 는 기술,개발,스타트업과 세상의 재미난 것들을 좋아하는 Geek들을 위한 뉴스사이트 입니다. 사용자들이 다양한 글과 정보를 직접 올리며, 이 계정은 긱뉴스에 새로 등록된 글들을 소개합니다.
VECERT Analyzer @VECERTRadar
38K Followers 51 Following ❮ Cybersecurity & CTI ❯ We are a cybersecurity company dedicated to critical analysis and adversary research.
LeakIX @leak_ix
7K Followers 239 Following Provide comprehensive visibility into internet-facing assets. Looking for vulnerabilities and misconfigurations 24/7 since 2020. https://t.co/MEjkffN1xg
Clandestine @akaclandestine
60K Followers 5K Following | Security | Osint | Threat Research | Opsec | Threat Intelligence | Infosec | Threat Hunting | Humint |
Sungyup Nam @REDPACK_kr
350 Followers 919 Following CTO@78ResearchLab Ph.D.@Cybersecurity I'm interested in Windows LPE exploit, APT, Password Cracking, Deep Learning(specially GANs)
CHA Minseok(Jacky) @mstoned7
3K Followers 5K Following CHA is my family name. Threat Intelligence Researcher at AhnLab / Keybase : mstoned7 , Signal : mstoned7.21 / Tweets are my own.
Mynymbox @mynymbox
2K Followers 218 Following Free speech. Privacy. Security. No BS Virtual Private Servers - Shared Hosting - Domain Registrations - Selfhosted VPN
곽근진 @jaejin2348
1 Followers 40 Following
ASilva @asilva_fk
135 Followers 1K Following
SΞCURΞUM @TheSecureum
13K Followers 1 Following Secureum = Security + Ethereum Founder: @0xRajeev Discord: https://t.co/m9fMLfXhEU
Spearbit @spearbit
14K Followers 33 Following Industry Leading Web3 Security. Request a security review here ➡ https://t.co/gqs2f17Yhd
Jamieson O'Reilly @theonejvo
22K Followers 1K Following Hacker. T̶h̶i̶n̶k̶i̶n̶g̶ Doing outside the box. Founder @d_vuln Breaking frontier AI models at https://t.co/GnRR2W3Nza Building the worlds most dangerous AI @tryaether_ai
Bernardo Quintero @bquintero
25K Followers 268 Following Founder of @virustotal 📖 INFECTED: https://t.co/RRguFlNWKR 📖 INFECTADO: https://t.co/WZ5C2U5ymR
Bitshadow @fbgwls245
4K Followers 167 Following Ransomware & Dark Web tracker | IOC sharing (hash / domain / IP) | Self-taught threat hunter | Forever learning, forever hunting | Student (dnwls0719)
Dark Reading @DarkReading
351K Followers 49 Following One of the most widely read and trusted cybersecurity news sites, providing IT security professionals informed insights into the latest news and trends.
Mandiant (part of Goo... @Mandiant
129K Followers 4K Following We’re determined to make organizations secure against cyber threats and confident in their readiness.
Whiteintel @whiteintel_io
6K Followers 8 Following Real-time threat and infostealer intelligence for MSSPs, enterprises, and researchers. Detect leaks, monitor takeovers and respond instantly.
RamenMan @notChojin
120 Followers 353 Following サイバーセキュリティに興味があります | OSINTメイン⇔技術面は未熟 | 音楽はVaundyとヨルシカばかり聴いています | Cyber Security / APT group
Group-IB Global @GroupIB
10K Followers 645 Following A leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime since 2003
Intel Night OWL 🦉�... @IntelNightOWL
515 Followers 4K Following RT ≠ endorsements | OpenSource Researcher / Developer | OSINT COMINT SIGINT CYBINT ELINT GEOINT ADINT MetaData | ADSB AIS SAT | SDR IoT Arduino | Linux | COFFEE
Zscaler ThreatLabz @Threatlabz
9K Followers 46 Following Threat intelligence and security research from @zscaler
Threat and Risk Intel... @ecrime_ch
6K Followers 138 Following #Cyber Intelligence and Risk Services Free ransomware news RSS feed: https://t.co/iBk7bRcO3b #ransomware #monitoring #threat
MalwareHunterTeam @malwrhunterteam
254K Followers 37 Following Official MHT Twitter account. Check out ID Ransomware (created by @demonslay335). More photos & gifs, less malware.
The DFIR Report @TheDFIRReport
67K Followers 0 Following Real Intrusions by Real Attackers, the Truth Behind the Intrusion
ThreatMon Ransomware ... @TMRansomMon
18K Followers 2 Following ThreatMon End-to-End Threat Intelligence Platform Developed by @MonThreat for IOC data and C2 data: https://t.co/GHSgNatwbC
International Cyber D... @IntCyberDigest
169K Followers 290 Following Your weekly go-to cybersecurity newsletter, curated and commented on by our senior analysts.
CHA Minseok(Jacky) @xcoolcat7
1K Followers 3K Following 사이버위협 인텔리전스 연구원 / 평생 덕후를 꿈꾸는 일반인 / 신해철, N.EX.T, Nine Muses, tripleS 팬 / 1980-1990 년 대 추억 놀이 : 8 비트 컴퓨터, 게임, 영화, 드라마, 애니, 음악 / 은퇴 후 가족과 세계 여행 목표
Threat Intelligence @threatintel
115K Followers 366 Following Symantec and Carbon Black's threat hunters bring you the latest threat intelligence from the IT security world.
MalDev Academy @MalDevAcademy
20K Followers 8 Following Providing specialized, module-based security training and resources designed for cyber security professionals
Dark Web Informer Int... @DarkWebIntelBot
4K Followers 1 Following This bot is currently in park status as of Feb 12th, 2026, due to X's new pay-per-use API. I encourage you to subscribe to the platform for uninterrupted access
Hunt.io @Huntio
6K Followers 935 Following https://t.co/9I6nRUiFjm is a service that provides threat intelligence data about observed network scanning and cyber attacks.
OSINT Industries @OSINTindustries
24K Followers 1 Following OSINT-powered tools for email and phone number investigations. Telegram: https://t.co/wzX59rY4LS Linkedin: https://t.co/ivbM2gkKnq
Dominic Alvieri @AlvieriD
20K Followers 324 Following Cybersecurity Analyst | Security Researcher | CTI Deleted my own Facebook and hacked yours. https://t.co/jpm0COr5fY
PRODAFT @PRODAFT
9K Followers 11 Following Proactive Defense Against Future Threats | Pioneering #CyberSec and #ThreatIntelligence in Europe & MENA since ’12. CTI Platform: #USTA Risk Intel: #BLINDSPOT
DigitalAsset @DGTL_ASSET
801 Followers 55 Following We aim to bridge the information gap between the publuic and the digital asset industry. | Telegram: https://t.co/cHeEvqKVa3
OSINTdefender @sentdefender
2.3M Followers 2K Following Open Source Intelligence Monitor focused on Europe and Conflicts across the World. RT ≠ Endorsement. Want to Support my Work? https://t.co/PcUbewvWPr
DarkShadow @darkshadow2bd
7K Followers 4 Following Ethical Hacker | Penetration Tester | Security Researcher | Bug Hunter | Exploit Developer. 🔥~For more Join my New telegram Channel👉🏼 https://t.co/9p1yvzluA4 ✨You might like
