Indonesian Cloud Service Provider’s Admin Access Allegedly Up for Sale

Threat Actor: Unknown
Victim: Indonesian cloud service provider
Price: Not specified
Exfiltrated Data Type: Not specified

Key Points:

  • A threat actor on a dark web forum is allegedly selling SYSMON Administrator access for an Indonesian cloud service provider.
  • The access offers full control over 11,903 devices, including servers, hypervisors, workstations, network devices, firewalls, and virtual machines.
  • The threat actor set a starting price for the access and is selling it through an auction-style process in which each increment is 1000 USD.

A threat actor on a dark web forum advertised SYSMON Administrator access to an Indonesian cloud service provider that offers solutions including multi-data center services, cloud, cyber security, office collaboration, disaster recovery, cloud software, and much more.

According to the post, the alleged access for sale offers full control over 11,903 devices, including 550 servers, 10 hypervisors, 7 workstations, 3 network devices, 6 firewalls, and 11,325 virtual machines, encompassing over 600 TB of data. With the alleged access, one can connect to any of the devices through TELNET/SSH/SFTP/HTTP and edit any of the devices.

The threat actor set the starting price for the alleged access and is selling it through an auction-style process in which every step is 1000 USD. A Telegram handle and a TOX ID are also included in the post.

The post Alleged SYSMON Admin Access for an Indonesian Cloud Service Provider is For Sale appeared first on Daily Dark Web.