A threat actor has surfaced on a dark web forum, allegedly selling network access to a host shared by Finnish telecommunications giant Nokia and French IT services multinational Atos. The seller claims to be offering a “full interactive reverse shell,” which would grant a buyer deep-level access to the shared system, and suggests it could be used to launch a ransomware attack or for other malicious purposes. The post implies a potential collaboration or shared infrastructure between the two technology giants.
Nokia, a cornerstone of the global telecommunications industry from Finland, and Atos, a major player in digital transformation and IT consulting from France, are both critical entities in the technology sector. A compromise of their shared systems could have significant repercussions. To substantiate their claims, the threat actor also leaked what appear to be credentials belonging to employees from both Nokia and Atos, as well as another company, Interlink-ua.com. The alleged data for sale includes:
- Full interactive reverse shell access
- Employee email addresses
- Hashed passwords
This incident highlights the persistent threat of initial access brokers who compromise corporate networks and sell that access to other cybercriminals. Both companies have yet to issue a public statement regarding the alleged breach.
