Multiple Accesses from UK, Canada, US, Brazil for Sale

A post on a cybercrime forum is advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
Updated on: April 19, 2023
Published on: July 28, 2021
Category: Adversary Intelligence
Industries: Multiple
Region: UK, Canada, US, Brazil

Executive Summary

  • CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum, advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
  • The actor claims that these accesses belong to several industries and institutes including universities and government organizations.
  • The CloudSEK Threat Intelligence Research team is in the process of validating the authenticity of this post.

Affected Assets/Companies

According to the threat actor’s post, access to the following entities has been compromised:

| Industry | Country | Revenue | Type of access |
|---|---|---|---|
| University | United Kingdom | $596 Million | Access to workspace, user rights |
| Institute | Canada | $256 Million | Access to workspace, user rights |
| Government | Canada | $1.8 Billion | VPN access, user rights |
| - | US | $50 Million | AnyConnect Cisco, user rights |
| University | US | $2 Billion | AnyConnect Cisco, user rights |
| Center for health care, education, and research | Brazil | $20 Million | PaloAlto Networks, user rights |
| Center for health care, education, and research | Canada | $53 Million | PaloAlto Networks, user rights |

Impact & Mitigation

Impact

The accesses sold by the actor may enable other threat actors to carry out further attacks, such as:
  • Ransomware attacks
  • Deploying malware to victim companies
  • Breach of data and other sensitive information
  • Sabotage attacks
  • Targeting third-party vendors of the affected company

Mitigation

  • Use strong passwords and observe password policy best practices.
  • Enable multi-factor authentication for all online accounts.
  • Don’t share OTPs with third parties.
  • Review all online accounts and financial statements regularly.
  • Update apps and software regularly.
  • Use the latest versions of antivirus and anomaly detection software.
  • Review and audit network and system logs.

Appendix
Figure: Threat actor’s post on the cybercrime forum
