Shadow Banker Interviews Prolific Dark Web ‘Data Thug’ Sentap

Recently, Shadow Banker had the privilege of interviewing Sentap, one of the littest illicit data and access brokers operating on the Dark Web today.

The only security vendors that have previously given Sentap any ink are ZeroFox and Underdark.AI (in a LinkedIn post). Per a May 2025 ZeroFox intelligence briefing, “Sentap’s recent online activity indicate that the actor has been involved in an array of malicious cyber activities that include website cloning, bypassing Web Application Firewalls (WAF), and crypto draining.”

But more significantly, Sentap is responsible for some of the most impactful, non-ransomware-related black-market data breach advertisements over the last six months. Notably, the threat actor, who previously collaborated with the Funksec cybercrime collective (until he got sick of them), has a strong track record of breaching critical infrastructure targets, including satellite communications (SATCOMs) firms, mining and metals organizations, energy operators, defense entities, and venture capital bros.

Most recently, the threat actor hit GreenHills Ventures, a lower-middle market VC.

Overall, some of Sentap’s “greatest hits” include Turkish SATCOM firm Navee Technology, Peruvian mining consultants IMSS Consultores, Indonesian SATCOM operator PT Pasifik Satelit Nusantara (PSN), and Spanish defense firm GTD System and Software Engineering.

Shadow Banker recently reached out to Sentap on one of the Russian-language cybercrime forums and asked him if he would like to participate in an interview. Sentap was nice enough to accept Shadow Banker’s interview request, so here we are, gaining valuable insights into the mind of one of the Dark Web’s most prolific “data thugs” and “cyber peddlers.”    

Notably, Sentap dropped some jewels about the market dynamics surrounding nuclear data leaks, which are deathly relevant in the wake of Trump’s Iran strikes.

While a cyberattack on a major, commercial U.S. nuclear target (like Constellation) may not be the most likely scenario, it does represent the most symmetric form of counterstrike, especially given Iran’s limited military capabilities.

Anywho, and without further ado, here is the interview.

SB: How long have you been active in hacking/cybercrime?

Sentap: For over 12 years, I’ve been working solo in the cyber realm. My focus has always been on identifying and exploiting vulnerabilities in high-value digital systems. This time has let me hone my skills in penetrating complex systems and turning sensitive data into profit, all without relying on groups or organizations….

SB: But didn’t you use to be part of the Funksec collective? That’s what it says in this Asec intel briefing?

Sentap: Yeah, I was part of Funksec for a while. During my time there, I identified and proposed about 95% of the targets. Those were picked based on my detailed analysis of data value, exploitable vulnerabilities, and market demand on underground platforms. I played a central role in crafting intrusion strategies and executing successful operations for the group.

But due to fundamental disagreements with the group’s management, I decided to split. The clashes were mostly about differing views on operational priorities and risk management. As a solo player focused purely on financial gain and high efficiency, I chose to maintain my independence and continue alone. Group work, while potentially lucrative, often comes with managerial complexities and extra risks that don’t vibe with my style.

Also, regarding the Asec report, those analyses are usually built on incomplete info or speculation. I have no ties to Funksec anymore, and all my current activities are solo. My focus remains on pinpointing high-value financial targets and exploiting their system weaknesses, with no reliance on groups or entities. If Asec or others think I’m still linked to Funksec, it’s just a misunderstanding, likely stemming from my past involvement. And let’s be clear—the group doesn’t even exist anymore; it’s been disbanded. Ultimately, I keep operating as Sentap: independent, profit-driven, and always one step ahead of the security systems I target.

SB: When did you leave Funksec?

Sentap: I left Funksec in December 2024. After my departure, I completely cut ties with the group and was no longer privy to their internal details or future plans.

SB: What made you want to become a hacker?

Sentap: My main drive was to make money by tackling complex technical challenges. Digital systems are riddled with security flaws that, if properly identified, can lead to significant financial opportunities. I chose this field as a professional path for profit, not for political or ideological reasons. For me, hacking is a strategic game with rewards cashed out in data markets.

Early small wins, like selling access to insecure servers, showed me this could be a full-blown career. My time at Funksec reinforced this, as I saw how picking the right targets and executing precisely could yield huge profits. Even after going solo, this financial drive kept me going. Hacking, for me, is a way to leverage smarts and skills in a market with limitless financial rewards, as long as you play it smart and low-risk.

SB: What is your technical background? How did you get the skills to do what you do?

Sentap: My technical background is a mix of deep self-learning, hands-on experience in real-world environments, and systematic study in computer science and cybersecurity. I got hooked on programming and system analysis as a young teen, teaching myself languages like Python, C, and Assembly. This foundation let me grasp software and hardware structures at a low level.

Later, I zeroed in on network security, cryptographic protocols, and reverse engineering. My skills in analyzing software vulnerabilities and network protocols (like TCP/IP and HTTP) grew through personal experiments and engaging in underground cyber communities. While with Funksec, my abilities in designing multi-stage attack chains and exploiting system weaknesses—like misconfigurations and zero-days—reached a professional level.

Though I lack formal academic credentials, I’ve mastered cybersecurity through years of experience, studying security protocols (like Kerberos and OAuth), and working with advanced tools like Metasploit, Burp Suite, and my own custom scripts. My background is entirely practical and results-driven, focused on turning technical know-how into financial profit.

My skills come from three main paths: self-learning, hands-on experience, and absorbing knowledge from the cyber ecosystem.

Self-Learning: Starting in the late 2000s, I dove into technical docs like network protocol RFCs and security whitepapers. Books like The Art of Exploitation by Jon Erickson and online resources like Exploit-DB and OWASP helped me grasp core intrusion and exploitation concepts. I set up personal labs to simulate attacks like MITM and SQL Injection.

Hands-On Experience: My first breaches into small, insecure systems—like local websites with outdated CMS—gave me confidence and real-world experience. At Funksec, I tackled complex targets like enterprise infrastructure, professionally refining techniques like privilege escalation, lateral movement, and obfuscation. Each operation taught me new lessons about bypassing IDS/IPS and minimizing my footprint.

Cyber Ecosystem Learning: In dark web forums and platforms like Raid Forums (before it shut down) and similar markets, I expanded my knowledge by analyzing other actors’ tools, exploits, and methods. These spaces kept me in sync with the latest techniques, like supply-chain attacks or exploiting new RCEs.

Today, a blend of advanced scripting, OSINT analysis, and targeted social engineering—like spear-phishing with custom payloads—lets me breach high-value systems. I’m constantly updating my skills to stay ahead of modern tech like EDRs or Zero Trust protocols.

SB: Who are your idols in the cybercriminal underworld?

Sentap: I don’t look up to specific individuals as role models, but I respect the financial success of solo players in the cyber ecosystem. Those who’ve quietly made big profits by exploiting complex vulnerabilities inspire me. My focus is on their techniques, not their identities or fame.

SB: How many data breaches have you successfully performed?

Sentap: Counting exact intrusions is tricky, but over my career, I’ve pulled off dozens of successful breaches into high-value financial systems. Each was carefully chosen to maximize profit with minimal risk. My focus is on the quality of extracted data and its market demand, not just the number of intrusions.

SB: You have been behind some very impactful breaches and access listings? The most notable ones for me are GTD system and software engineering, IMSS Consultores, the Turkish logistics one (which I can’t find anymore), and the SNL S5 Satellite project in Indonesia. Which one are you the most proud of and why? Also, which breach do you think is the most significant out of all the ones you have posted?

Sentap: Financially, the GTD system breach stands out for me, not because of the geopolitical ripple effects it accidentally triggered, but due to the sheer volume and quality of the extracted data, which had massive market demand. That breach let me rake in significant profits since the data included sensitive, unique info that buyers were willing to pay top dollar for.

But in terms of significance, I rate the SNL S5 Project breach in Indonesia higher, as the satellite infrastructure data was exceptionally valuable due to its rarity and strategic applications. I don’t take particular pride in these breaches; for me, success is measured purely by revenue and operational efficiency.

SB: On Twitter, some people have implied a connection between the GTD hack and the Iran strikes?

Sentap: The connection was entirely coincidental. As a solo player focused purely on financial gain, I have zero interest in geopolitics or international conflicts. The GTD breach was a business decision based on the value of the target data and the system’s vulnerabilities. Speculation on Twitter or elsewhere is just a misunderstanding or overinterpretation. I have no ties to any government or political group….

SB: Obviously, with all the geopolitical conflict and your aggressive targeting of critical infrastructure organizations, some people are going to wonder whether your persona is a cover for a state-sponsored threat group. What is your response to those suspicions?

Sentap: Those speculations are baseless. I’m a solo actor driven solely by financial profit. I have no ties to governments, organizations, or threat groups. My targets are chosen based on their financial potential and exploitable vulnerabilities, not political motives. Critical infrastructure often holds valuable data with high demand in underground markets—that’s the only reason I target them. I work alone and don’t need support or cover from any entity…

SB: Generally speaking, what methods do you prefer to use as a means of compromising your targets?

Sentap: I use a mix of advanced, multi-stage techniques for intrusions, including:

Social Engineering: Exploiting human errors, like targeted spear-phishing with personalized emails for initial access.

Vulnerability Exploitation: Identifying and leveraging software flaws, such as zero-days or known but unpatched vulnerabilities (e.g., recent CVEs).

Network Analysis: Using advanced scanning tools (like Nmap or Burp Suite) to pinpoint weaknesses in network configurations.

Privilege Escalation: Exploiting OS or internal software weaknesses to gain root or admin access.

Custom Tools: Proprietary scripts to automate processes and minimize my footprint.

My focus is on low-and-slow methods to evade detection by IDS/IPS systems. Each operation is tailored to the specific target for maximum efficiency and profitability.

SB: How do you select targets?

Sentap: Target selection is entirely driven by financial analysis. I use data from underground markets and dark web platforms to identify organizations whose data—like financial records, intellectual property, or infrastructure details—has high demand. Then, I assess their vulnerabilities using scanning tools and public info (OSINT). My criteria include:

  • Data value in the market.
  • System security level (weaker security means lower intrusion costs).
  • Likelihood of detection and traceability (targets with poor monitoring systems get priority).

SB: How come you don’t deploy ransomware?

Sentap: Ransomware doesn’t appeal to me—it’s high-risk and requires complex infrastructure for handling payments and negotiations. Selling data or access directly on dark web markets is simpler, faster, and more profitable. Ransomware also draws more law enforcement attention, which clashes with my solo, low-profile approach. I prefer extracting data, selling it to the right buyers, and cashing out without direct victim engagement.

SB: How much money have you made from selling access and stolen data?

Sentap: My income depends on factors like data type, market demand, and intrusion complexity. It comes from sales on dark web platforms and direct deals with trusted buyers. I’d rather not share more details, as keeping financial privacy is critical for my operational security.

SB: What do you think of Scattered Spider’s recent campaigns targeting aviation?

Sentap: Scattered Spider’s campaigns are technically impressive, especially their use of advanced social engineering and multi-stage attack chains. However, their style differs from mine, as they focus on ransomware and extortion, which carry high risks. Financially, targeting the aviation sector makes sense, since its data—like flight info or intellectual property—has high value. I work solo and steer clear of such groups, but I analyze their techniques from a professional perspective.

SB: Have you considered collaborating with Scattered Spider or Qilin or any other similar threat groups?

Sentap: No, I work solo and have no interest in collaborating with groups. Group work increases operational complexity and security risks, including potential leaks or internal conflicts. My style is based on complete independence, tight control over operations, and minimizing my footprint. Partnering with groups like Scattered Spider or Qilin might offer short-term gains, but it doesn’t align with my long-term strategy for privacy and sustainable profitability.

SB: What ransomware group impresses you the most right now?

Sentap: From a technical perspective, groups like ALPHV (BlackCat) stand out for their sophisticated tools and ability to breach high-security systems. Still, I’m not into ransomware—as I mentioned, selling data is more profitable and less risky for me. I pay closer attention to these groups’ intrusion techniques to refine my own methods, not their business model.

SB: Do you have any big data breach announcements on the horizon?

Sentap: I operate strategically, only announcing breaches when it’s financially beneficial or boosts market demand. Right now, I’m working on a few high-potential financial targets, but I won’t share details until the time is right. My goal is always to maximize profit with minimal noise.

SB: How do you feel about targeting nuclear energy organizations? How vulnerable do you think these targets are?

Sentap: From a financial perspective, nuclear energy organizations can be attractive targets since their data—like technical designs or operational details—fetches top dollar in niche markets. However, they typically have robust cybersecurity, and breaching them demands significant resources and time. Their vulnerabilities depend on factors like outdated SCADA systems, unpatched software, or human errors in the supply chain. I’d only pursue such targets if a cost-benefit analysis shows the financial payoff justifies the risk.

SB: Have you seen significant nuclear breaches successfully sold online?

Sentap: Nuclear breaches are rare due to the extreme sensitivity and complex security measures surrounding such data, making successful sales on online markets challenging. For instance, in 2025, confidential documents from Russia’s nuclear facilities, including detailed plans of strategic missile bases in the Orenburg region, were accidentally exposed in public procurement databases. Discovered by outlets like Danwatch and Der Spiegel, these included details on nuclear infrastructure upgrades, like missile silos equipped with Avangard systems. While not a traditional “breach,” this exposed security gaps that could lead to unauthorized access. However, there’s no credible evidence of these data being successfully sold on the dark web, as such information is typically snapped up by intelligence agencies or well-funded buyers like governments, rarely appearing on public markets.

Personally, I haven’t dealt with nuclear data in my operations. These datasets are not only hard to access due to the high security of nuclear facilities—like isolated SCADA systems and multi-layered protocols—but selling them carries extreme legal and operational risks. Buyers are usually limited to state actors or well-resourced organized groups, which doesn’t align with my solo, low-risk, quick-profit approach.

Overall, while dark web markets are flooded with sensitive data—like financial records, intellectual property, or critical infrastructure access—successful nuclear breaches leading to online sales are exceedingly rare due to access difficulties and sales complexities. I prefer targeting data with higher market liquidity and lower risk.

SB: If there is any other interesting comment or statement you would like to make, please feel free to share.

Sentap: I’m a solo player competing in the cyber world for financial gain. For me, this field is a market where technical skills turn into cash. There’s no political, ideological, or personal motive in my work. My advice to organizations is to take cybersecurity seriously, as their weaknesses directly fuel profits for players like me. Ultimately, I’m chasing the next challenge and new financial opportunities, and this game never stops.