Multiple Accesses from UK, Canada, US, Brazil for Sale

A post on a cybercrime forum is advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
Updated on
April 19, 2023
Published on
July 28, 2021
Subscribe to the latest industry news, threats and resources.
Category Adversary Intelligence
Industries Multiple
Region UK, Canada, US, Brazil

Executive Summary

  • CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum, advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
  • The actor claims that these accesses belong to several industries and institutes including universities and government organizations.
  • CloudSEK Threat Intelligence Research team is in the process of validating the authenticity of this post.
Affected Assets/ Companies
According to the threat actor’s post, access of the following entities have been compromised:
Industry Country Revenue Type of the access
University United Kingdom $596 Million Access to workspace, user rights
Institute Canada $256 Million Access to workspace, user rights
Government Canada $1.8 Billion VPN access, user rights
- US $50 Million AnyConnect Cisco, user rights
University US $2 Billion AnyConnect Cisco, user rights
Center for health care, education, and research Brazil $20 Million PaloAlto Networks, user rights
Center for health care, education, and research Canada $53 Million PaloAlto Networks, user rights

Impact & Mitigation

Impact Mitigation
The accesses sold by the actor may allow more threat actors to use this information to further other forms of attacks such as:
  • Ransomware attack
  • Deploying malware(s) to victim companies
  • Breach of data and other sensitive information
  • Sabotage attacks
  • Targeting third party vendors of the affected company
  • Use strong passwords and observe password policy best practices.
  • Enable multi-factor authentication for all online accounts.
  • Don’t share OTPs with third parties.
  • Review all online accounts and financial statements, regularly.
  • Update apps and softwares regularly.
  • Use the latest versions of antivirus and anomaly detection softwares.
  • Review and audit network and system logs.
[caption id="attachment_17602" align="aligncenter" width="390"] Threat actor’s post on the cybercrime forum[/caption]

Get Global Threat Intelligence on Real Time

Protect your business from cyber threats with real-time global threat intelligence data.. 30-day free and No Commitment Trial.
Schedule a Demo
Real time Threat Intelligence Data
More information and context about Underground Chatter
On-Demand Research Services
Dashboard mockup
Global Threat Intelligence Feed

Protect and proceed with Actionable Intelligence

The Global Cyber Threat Intelligence Feed is an innovative platform that gathers information from various sources to help businesses and organizations stay ahead of potential cyber-attacks. This feed provides real-time updates on cyber threats, including malware, phishing scams, and other forms of cybercrime.
Trusted by 400+ Top organisations