Multiple Accesses from UK, Canada, US, Brazil for Sale

Summary

A post on a cybercrime forum is advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
Category: Adversary Intelligence
Industries: Multiple
Region: UK, Canada, US, Brazil

Executive Summary

  • CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
  • The actor claims that these accesses belong to several industries and institutes, including universities and government organizations.
  • The CloudSEK Threat Intelligence Research team is in the process of validating the authenticity of this post.

Affected Assets/Companies

According to the threat actor’s post, access to the following entities has been compromised:

| Industry | Country | Revenue | Type of access |
|---|---|---|---|
| University | United Kingdom | $596 Million | Access to workspace, user rights |
| Institute | Canada | $256 Million | Access to workspace, user rights |
| Government | Canada | $1.8 Billion | VPN access, user rights |
| - | US | $50 Million | AnyConnect Cisco, user rights |
| University | US | $2 Billion | AnyConnect Cisco, user rights |
| Center for health care, education, and research | Brazil | $20 Million | PaloAlto Networks, user rights |
| Center for health care, education, and research | Canada | $53 Million | PaloAlto Networks, user rights |

Impact & Mitigation

Impact

The accesses sold by the actor may enable other threat actors to carry out further attacks, such as:
  • Ransomware attacks
  • Deploying malware to victim companies
  • Breach of data and other sensitive information
  • Sabotage attacks
  • Targeting third-party vendors of the affected company

Mitigation

  • Use strong passwords and observe password policy best practices.
  • Enable multi-factor authentication for all online accounts.
  • Don’t share OTPs with third parties.
  • Review all online accounts and financial statements regularly.
  • Update apps and software regularly.
  • Use the latest versions of antivirus and anomaly detection software.
  • Review and audit network and system logs.

Appendix

[Figure: Threat actor’s post on the cybercrime forum]
