Multiple Accesses from UK, Canada, US, Brazil for Sale

A post on a cybercrime forum is advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
Updated on: February 27, 2023
Published on: July 28, 2021
Category: Adversary Intelligence
Industries: Multiple
Region: UK, Canada, US, Brazil

Executive Summary

  • CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum, advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
  • The actor claims that these accesses belong to several industries and institutes including universities and government organizations.
  • CloudSEK Threat Intelligence Research team is in the process of validating the authenticity of this post.

Affected Assets/Companies

According to the threat actor’s post, access to the following entities has been compromised:

Industry | Country | Revenue | Type of access
University | United Kingdom | $596 Million | Access to workspace, user rights
Institute | Canada | $256 Million | Access to workspace, user rights
Government | Canada | $1.8 Billion | VPN access, user rights
- | US | $50 Million | AnyConnect Cisco, user rights
University | US | $2 Billion | AnyConnect Cisco, user rights
Center for health care, education, and research | Brazil | $20 Million | PaloAlto Networks, user rights
Center for health care, education, and research | Canada | $53 Million | PaloAlto Networks, user rights

Impact & Mitigation

Impact

The accesses sold by the actor may allow other threat actors to use them to carry out further attacks such as:
  • Ransomware attack
  • Deploying malware to victim companies
  • Breach of data and other sensitive information
  • Sabotage attacks
  • Targeting third party vendors of the affected company

Mitigation

  • Use strong passwords and observe password policy best practices.
  • Enable multi-factor authentication for all online accounts.
  • Don’t share OTPs with third parties.
  • Review all online accounts and financial statements regularly.
  • Update apps and software regularly.
  • Use the latest versions of antivirus and anomaly detection software.
  • Review and audit network and system logs.

Appendix

[Image: Threat actor’s post on the cybercrime forum]
