On May 11, 2024, we observed numerous security reports about access to ZATCA Saudi Arabia being offered for sale on one of the most well-known dark web forums (BreachForums) by a threat actor known as “gettexik”.

ZATCA Thread

So, our DarkAtlas Squad initiated an investigation into this threat actor.
We began tracking him and successfully discovered his BreachForums account credentials.

We started performing a reverse lookup using our DarkAtlas.io platform, leveraging the leaked password associated with the scammer.
This allowed us to trace his digital footprint and uncover his email address.

After analyzing his leaks through his email, we obtained some valuable information via DarkAtlas.io.

Some of this information included his personal emails and other email accounts associated with him.

After conducting further investigation, we also obtained his phone number.

We noticed that his name is Jakub.

Using the collected data, we created some indicators that led us to his IP addresses.

We also conducted Dark-Web Dorking using his username in the DarkAtlas.io InfoStealer Malware Logs database and found a match!

We observed that he logged in twice from the same IP address. After looking up this IP, we discovered he is based in Poland.

From the data obtained via DarkAtlas.io, he has been signing into multiple educational sites from Poland.

Further investigation revealed that this device belonged to a Polish affiliate.

Now we need a photo of him. While conducting OSINT, we discovered that he used a site that provides more followers:

TonFollowers.com

TonFollowers.com is a platform that allows users to gain free Instagram followers, likes, views, and comments without requiring their account passwords. Users can create a free account, add their Instagram profiles, earn coins by completing orders from other users, and then exchange these coins for followers or other engagements on their profiles.

After searching the followers list, we found the gettexik account.

Conclusion:

Full Name: Jakub Podwiązka
IP Address: 91.150.182.131
Phone Number: +48791722579
Address: Trzebownisko 128, 36-001, Polska
Skype: +48791722579
Email: jakubpodwiazka251@gmail.com
TikTok: https://www.tiktok.com/@gettexik
Instagram: https://www.instagram.com/gettexikowy
Alt names: GeTTeX, gettexik, migutkuba
Leaks: ACCESS ZATCA SAUDI ARABIA, GERMAN FEDERATION STATISTICAL DATABASE, THOUSAND BAHRAIN SERVICE ACCOUNT, ACCESS HDFC BANK INDIA
Emails:

migutkuba3@gmail.com
jakubpodwiazka251@gmail.com
gettexpl@gmail.com
jakpod.624@edu.erzeszow.pl
gettex@interia.pl