A threat actor has allegedly advertised a large sale of network access credentials for numerous high-value organizations across the United States, Europe, and Asia. The advertisement, spotted on a cybercrime forum, offers remote entry into entities spanning critical sectors such as industrial machinery, higher education, and government. The scale of the alleged victims is substantial: the post claims targets include a US-based industrial equipment firm with over $5 billion in revenue and a Malaysian government body with revenue exceeding $1 billion.
The cybercriminal is allegedly selling various types of remote access, which could provide buyers with an initial foothold to launch further cyberattacks, including ransomware and data theft. The prices for this alleged access range from $500 to as high as $60,000, seemingly correlated with the organization’s size and the level of administrative privilege offered. The seller claims to be offering verified credentials for widely used corporate and government network access points, indicating a potentially severe security breach for the involved entities.
The types of allegedly compromised access points for sale include:
- Pulse Secure domain user access
- RDWeb domain user access
- Cisco domain admin access
- GlobalProtect domain user access
- Cisco VPN user access