An online threat actor is allegedly selling administrative access to the infrastructures and servers of an undisclosed US corporation that operates in the Energy Utilities, Oil & Gas, Waste Treatment, and Electricity sectors.
This discovery was made by DarkWebInformer, an active Twitter user who is known for his monitoring of illegal online activities on the underground internet.
The basis for this finding is that a Remote Desktop Access (RDWEB) for the said company has been listed for sale on a dark web forum by a user known as sandocan whose identity remains unknown.
According to reports, the compromised access includes a wide range of privileges, including domain administration rights and the ability to control over more than 430 computers that are connected to the organization's infrastructure and domains.
RD Web access is a critical service that allows users with the right account credentials to securely connect to a company's internal systems using a compatible web browser.
This implies that the threat actor is selling illegal entry to the company's infrastructure, which they may have obtained the credentials through illegitimate means.
The threat actor's post does not specify the company in question; however, it is reported that the organization generates an annual revenue exceeding $154 million.
This sale is being conducted exclusively through a dark web forum auction, with bidding opening at $15,000 and increasing incrementally by $2,500. Additionally, an expedited sale option is available for $20,000.
Knowing the scale and size of the unnamed company, this situation has the potential to have significant security risks, regardless of whether they are aware that their systems have been compromised. Unauthorized access to their infrastructure, particularly at the administrative level, can disrupt operations and pose severe financial and reputational risks.
This being said, it is also uncertain whether the forum post posted by the threat actor is valid, as there is no evidence or proof of access provided in the post.