A threat actor using the name Florence, tied to the Nightmare group, is selling root-level remote code execution and shell access to a firewall protecting the Botswana Government Health Portal. The Linux-based firewall listing is priced at $300 (non-negotiable) and offers capabilities to intercept traffic, modify rules, and pivot into internal healthcare systems. #Florence #BotswanaGovernmentHealthPortal
Keypoints
- Threat actor βFlorenceβ (associated with Nightmare) is selling root RCE and shell access to the Botswana Government Health Portal firewall.
- The compromised device is a Linux-based firewall located at the network perimeter of the health portal.
- Access level is root RCE + shell, enabling arbitrary command execution, firewall rule changes, traffic interception, and persistence.
- The listing price is $300 (non-negotiable) with contact conducted exclusively via Session messaging.
- The incident is rated critical due to risks of patient data exposure, disabling security controls, and lateral movement into government healthcare systems.
DarkWebInformer.com Providing intel from some of the darkest places on the Dark Web & Clearnet. Breaches, Darknet Markets, Ransomware, Threat Alerts, & more!