A threat actor has purportedly claimed to be vending unauthorized VPN access to a prominent Japanese corporation operating within the automotive industry. The threat actor alleges that the network, headquartered in Japan and spanning over 60 factories and offices globally across Europe, Asia, and the USA, yields substantial earnings of $15 billion. The offer purportedly includes VPN access for over 20 users, along with domain access from a user with local administrator privileges on various servers, including backup and database servers. Additionally, the package encompasses access to 54 domain controllers spread across factories and countries, primarily in the UK, USA, and Mexico. The threat actor asserts the sale is prompted by resource constraints and emphasizes sales only, with a starting price of $40,000, increasing in $5,000 increments, with a “Flash” option at $111,000.
The network allegedly remains unanalyzed to evade detection, with initial research revealing the presence of VMware ESXI, HyperVi Windows, and NAS SYNOLOGY. Despite the lack of detailed network analysis, the threat actor claims to provide proofs of network access, including a network scan and user information. However, they warn against offers of assistance, highlighting their sole intent to sell. This development underscores the persistent threat of cyberattacks targeting major corporations, highlighting the need for robust cybersecurity measures to safeguard sensitive networks and data.