Multiple Accesses from UK, Canada, US, Brazil for Sale

CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum, advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
The actor claims that these accesses belong to several industries and institutes including universities and government organizations.
CloudSEK Threat Intelligence Research team is in the process of validating the authenticity of this post.

According to the threat actor’s post, access of the following entities have been compromised:

Industry	Country	Revenue	Type of the access
University	United Kingdom	$596 Million	Access to workspace, user rights
Institute	Canada	$256 Million	Access to workspace, user rights
Government	Canada	$1.8 Billion	VPN access, user rights
-	US	$50 Million	AnyConnect Cisco, user rights
University	US	$2 Billion	AnyConnect Cisco, user rights
Center for health care, education, and research	Brazil	$20 Million	PaloAlto Networks, user rights
Center for health care, education, and research	Canada	$53 Million	PaloAlto Networks, user rights

Impact	Mitigation
The accesses sold by the actor may allow more threat actors to use this information to further other forms of attacks such as: Ransomware attack Deploying malware(s) to victim companies Breach of data and other sensitive information Sabotage attacks Targeting third party vendors of the affected company	Use strong passwords and observe password policy best practices. Enable multi-factor authentication for all online accounts. Don’t share OTPs with third parties. Review all online accounts and financial statements, regularly. Update apps and softwares regularly. Use the latest versions of antivirus and anomaly detection softwares. Review and audit network and system logs.