Cyber Attack

Unauthorized VPN Access Allegedly Offered to Major Japanese Automotive Corporation

DailyDarkWeb

Threat Actor: Unknown | Unknown
Victim: Major Japanese Automotive Corporation | Major Japanese Automotive Corporation
Price: Starting at $40,000, increasing in $5,000 increments, with a “Flash” option at $111,000
Exfiltrated Data Type: Not specified

Additional Information:

  • The threat actor claims to be selling unauthorized VPN access to a prominent Japanese corporation in the automotive industry.
  • The network is headquartered in Japan and spans over 60 factories and offices globally across Europe, Asia, and the USA.
  • The offer includes VPN access for over 20 users and domain access from a user with local administrator privileges on various servers, including backup and database servers.
  • The package also encompasses access to 54 domain controllers spread across factories and countries, primarily in the UK, USA, and Mexico.
  • The sale is prompted by resource constraints and is focused solely on selling the access.
  • The starting price for the unauthorized VPN access is $40,000, with incremental increases of $5,000. There is also a “Flash” option available at $111,000.
  • The network allegedly remains unanalyzed to evade detection, but the threat actor claims to provide proofs of network access.
  • The threat actor warns against offers of assistance and emphasizes their intention to sell only.
  • This incident highlights the persistent threat of cyberattacks targeting major corporations and emphasizes the need for robust cybersecurity measures.

A threat actor has purportedly claimed to be vending unauthorized VPN access to a prominent Japanese corporation operating within the automotive industry. The threat actor alleges that the network, headquartered in Japan and spanning over 60 factories and offices globally across Europe, Asia, and the USA, yields substantial earnings of $15 billion. The offer purportedly includes VPN access for over 20 users, along with domain access from a user with local administrator privileges on various servers, including backup and database servers. Additionally, the package encompasses access to 54 domain controllers spread across factories and countries, primarily in the UK, USA, and Mexico. The threat actor asserts the sale is prompted by resource constraints and emphasizes sales only, with a starting price of $40,000, increasing in $5,000 increments, with a β€œFlash” option at $111,000.

The network allegedly remains unanalyzed to evade detection, with initial research revealing the presence of VMware ESXI, HyperVi Windows, and NAS SYNOLOGY. Despite the lack of detailed network analysis, the threat actor claims to provide proofs of network access, including a network scan and user information. However, they warn against offers of assistance, highlighting their sole intent to sell. This development underscores the persistent threat of cyberattacks targeting major corporations, highlighting the need for robust cybersecurity measures to safeguard sensitive networks and data.

Original Source: https://dailydarkweb.net/a-threat-actor-allegedly-offers-unauthorized-vpn-access-to-major-japanese-automotive-corporation/