|Region||UK, Canada, US, Brazil|
- CloudSEK’s flagship digital risk monitoring platform XVigil discovered a post on a cybercrime forum, advertising the sale of access from multiple regions including the UK, Canada, US, and Brazil.
- The actor claims that these accesses belong to several industries and institutes including universities and government organizations.
- CloudSEK Threat Intelligence Research team is in the process of validating the authenticity of this post.
Affected Assets/ CompaniesAccording to the threat actor’s post, access of the following entities have been compromised:
|Industry||Country||Revenue||Type of the access|
|University||United Kingdom||$596 Million||Access to workspace, user rights|
|Institute||Canada||$256 Million||Access to workspace, user rights|
|Government||Canada||$1.8 Billion||VPN access, user rights|
|-||US||$50 Million||AnyConnect Cisco, user rights|
|University||US||$2 Billion||AnyConnect Cisco, user rights|
|Center for health care, education, and research||Brazil||$20 Million||PaloAlto Networks, user rights|
|Center for health care, education, and research||Canada||$53 Million||PaloAlto Networks, user rights|
Impact & Mitigation
|The accesses sold by the actor may allow more threat actors to use this information to further other forms of attacks such as: