A threat actor has allegedly gained unauthorized access to the web server of a Turkish bus company’s “Özel Halk Otobüsü Bilgi Sistemi” (Private Public Bus Information System). The actor is offering a webshell for sale on a dark web forum, which would grant the buyer remote access and the ability to execute commands on the company’s server. The asking price for this access is listed as $50 in Monero. The post included screenshots as proof of the compromise, showing a command being executed on the server, confirming the actor’s access.
The victim is an entity responsible for managing information systems for private public buses in Turkey, a crucial part of the country’s public transportation infrastructure. A breach of this nature is significant as it could potentially disrupt transportation services, expose sensitive operational data, or serve as an entry point for more severe attacks, such as ransomware deployment. The threat actor also shared domain metrics like Domain Authority and the number of backlinks, likely to make the offer more attractive to potential buyers for various malicious purposes.
While the advertisement focuses on selling server access rather than a specific database, the presence of a web shell on the server poses a severe risk to any data stored or processed by the system. At this time, no specific files or databases have been listed as stolen, but the access itself represents a critical security failure for the transportation entity.
