Israeli threat researchers claim that access to Pakistan Intercontinental Airlines’ network is being offered for sale on the cyber underground.
A team at darknet threat intelligence company KELA found a threat actor advertising domain admin access to the airline for $4,000 on two Russian-speaking illegal online forums and one English-speaking forum they had been tracking.
On November 9th, a KELA spokesman told Infosecurity Magazine: “We have been monitoring a threat player that just last week posted domain accessibility for sale to the network of Pakistan Intercontinental Airlines.”
He added, “Most of the time we are looking at cyber-criminals investing in these original accesses to achieve an initial foothold into the victim’s network, from which they can then complete lateral motion to progress their access privileges and probably hire ransomware or some other type of attack.”
A week after offering access to the airline’s network on the black market, the cyber-criminal revealed that all the databases held in the airline’s network were also being sold.
A sample of the allegedly stolen information was published by the threat actor, which they claim includes “all facts used by Pakistan Airline including name, past identity, telephone range, passport.”
The team has also been monitoring ransomware trends from its headquarters in Tel Aviv, examining how initial access brokers play a role in the supply chain of this widely deployed malware in the cybercrime community.
“The actor mentions that what he is offering involves around 15 databases, all with various amounts of records—some around 500k information and some about 60k–50k records—but that all records stored in their network are incorporated. What is actually exciting is that this actor can take two different ways to test and monetize,” reported KELA.
If the threat actor’s claims are authentic, they have hit the same target twice, leveraging the network access they obtained to exfiltrate the company’s data. KELA’s researchers have tracked the threat actor since July 2020, a period during which the actor offered 38 accesses for sale at a total price of at least $118,700.
“We know he has additional accesses that he gives in person,” KELA further added.
Reference links: thecybersecurity.news