A threat actor is allegedly selling Remote Desktop Protocol (RDP) access to a construction company based in Saudi Arabia. In a post on a specialized forum, the seller provided details about the target, identifying it as a firm within the Commercial & Residential Construction industry with a stated revenue of $273.4 million. The sale of direct network credentials presents a serious risk to the targeted organization.
The RDP access is being offered for a starting price of $1,000. RDP allows a user to control a computer or server remotely, meaning a malicious actor could gain a direct foothold inside the company’s network. This could be used to execute further attacks, such as deploying ransomware or stealing sensitive corporate data. The post also notes the company uses Sophos antivirus and that the seller is open to a “collaboration for %,” indicating a potential partnership to exploit the alleged access for a share of the profits.
While the specific identity of the company remains unknown, the listing itself is a security alert for organizations in the region. The claims made by the threat actor have not been independently verified.