Category | Adversary Intelligence |
Industries | Multiple |
Region | UK, Canada, US, Brazil |
Executive Summary
- CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum, advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
- The actor claims that these accesses belong to several industries and institutes including universities and government organizations.
- CloudSEK Threat Intelligence Research team is in the process of validating the authenticity of this post.
Affected Assets/ Companies
According to the threat actor’s post, access of the following entities have been compromised:Industry | Country | Revenue | Type of the access |
University | United Kingdom | $596 Million | Access to workspace, user rights |
Institute | Canada | $256 Million | Access to workspace, user rights |
Government | Canada | $1.8 Billion | VPN access, user rights |
- | US | $50 Million | AnyConnect Cisco, user rights |
University | US | $2 Billion | AnyConnect Cisco, user rights |
Center for health care, education, and research | Brazil | $20 Million | PaloAlto Networks, user rights |
Center for health care, education, and research | Canada | $53 Million | PaloAlto Networks, user rights |
Impact & Mitigation
Impact | Mitigation |
The accesses sold by the actor may allow more threat actors to use this information to further other forms of attacks such as:
|
|