A recent post on a dark web forum advertises what is allegedly active network access to several US-based companies. The post’s author is seeking to collaborate with other cybercriminals to monetize the access on a percentage basis, rather than selling it outright. The targeted companies, while not named, operate in significant sectors, including Oil and Gas, Consumer Electronics, and Pharmaceuticals, with reported revenues ranging from $22 million to $40 million. This development suggests a dangerous trend of threat actors seeking partnerships to conduct more sophisticated attacks, such as ransomware deployment or corporate espionage.
The forum post claims the seller possesses high-level access within the victims’ networks, potentially bypassing established security measures. The specifics of the alleged access vary by target but include both domain user and highly privileged domain administrator credentials. This level of compromise could grant attackers widespread control over a company’s digital infrastructure. The author also detailed the connection methods available, including SOCKS5 and reverse shells, indicating active and persistent access to the compromised networks.
According to the post, the access was gained despite the presence of endpoint detection and response (EDR) and antivirus solutions on the victims’ systems. The details of the alleged compromise include:
- Domain user access to a $22 million US Oil and Gas company.
- Domain user access to a $40 million US Consumer Electronics and Computer Networking firm.
- Domain Admin access to a $35 million US company in the Drug Stores & Pharmacies sector.