A threat actor has allegedly posted an offer on a dark web forum to sell network access to a large, unnamed corporation based in India. According to the post, the victim company has an annual revenue of over $400 million and a corporate network consisting of more than 4,000 hosts. The seller has set an asking price between $2,000 and $2,500 for this highly privileged access.
The gravity of this alleged breach is highlighted by the level of access being sold. The threat actor claims to provide full ‘Domain Admin’ privileges, which would give a buyer complete and unrestricted control over the company’s entire IT infrastructure. This “keys to the kingdom” level of access is reportedly available through a combination of VPN and Remote Desktop Protocol (RDP), indicating a potential compromise of the company’s remote work infrastructure.
This incident is a classic example of the work of an Initial Access Broker (IAB), a type of cybercriminal who specializes in infiltrating corporate networks and then selling that access to other malicious parties. The buyers are often ransomware gangs who use the access to deploy their malware and extort the victim. While the targeted company has not been identified, the sale of such high-level access poses a severe and imminent threat of a major cyberattack, such as a devastating ransomware incident or large-scale data theft.
