A threat actor has reportedly sold firewall access to an FBI subdivision base in a listing on a popular hacking forum.
Threat actor “miyako” listed the alleged access in a post to the forum, asking for US$2,000.
According to the listing, root access to a server hosting the firewall for the subdivision was for sale.
This listing, which was made on 14 December, has since been updated to say the access had been sold.
Cyber Daily has been unable to verify which subdivision the access was allegedly for, or whether the access is legitimate.
However, miyako has begun building a reputation for large breaches as of late.
On 12 December, the threat actor listed root access to a server hosting the firewall for a US Air Force base, which also sold, for US$800.
Other sold listings as of late include a US ISP that the threat actor says has a revenue of over US$1 billion and a listing pertaining to computer manufacturer ASUS.
The listings are generally quite vague, with no proof of breach or any details beyond the listed price.
According to miyako’s listings, however, they are part of the HELLCAT threat group, which could be the same group that claimed an attack on Schneider Electric last month.
On 4 November, a threat actor by the name of “greppy”, who is part of the HELLCAT group, posted to X to taunt the French multinational.
“Hey @SchneiderElec how was your week?” the threat actor said.
“Did someone accidentally steal your data and you noticed, shut down the services and restarted without finding them? Now you shut down again but the criminals seem to have taken more juicy data.”
In a reply to their own tweet, the threat actor also posted a sample of the stolen data, which appears to be email addresses, links to JIRA accounts and links to Gravatar accounts. Gravatar is a platform that allows users to create a digital avatar to accompany their email address.
“This breach has compromised critical data, including projects, issues, and plugins, along with over 400,000 rows of user data, totaling more than 40GB compressed data.
“To secure the deletion of this data and prevent its public release, we require a payment of $125,000 USD in Baguettes. Failure to meet this demand will result in the dissemination of the compromised information.
“Stating this breach will decrease the ransom by 50%, its your choice Olivier...,” the threat group said, naming Schneider Electric’s new CEO Olivier Blum, who was appointed earlier that week.