A threat actor has recently posted an offer on a dark web forum, claiming to possess unauthorized access to the internal network of a U.S.-based financial and trading company with an estimated annual revenue of $100 million.
The individual claims to have established backdoors on several of the company’s websites, which could serve as entry points into its internal systems. The threat actor is also offering passwords to internal machines and access to an Active Directory (AD) machine with local administrator privileges. The post suggests that the access could be used to deploy ransomware or engage in other malicious activities.
The actor, who appears to be uncertain about the value of the access, is soliciting offers through the dark web forum or via encrypted communication channels.
The threat actor provided a Session ID and a TOX ID for interested parties to initiate communication.