On January 12, a threat actor posted selling compromised access to four e-commerce sites shops. The access includes iframe payment methods, which are embedded payment pages from a third-party payment service provider (such as a credit card processor or PayPal). Access to the iframe payment page would allow the attacker to harvest any payment information input into the site.
The package includes admin privileges and access to a web shell and database.
While the post does not specify the sites, it does detail the number of cards used for payments for the last three months. This will enable a prospective buyer to assess the number of transactions and approximate profit they could gain.
The starting price is $3,000, with a “buy it now” price of $4,500.
On the underground, we often find threat actors selling access as a service. This includes access to compromised endpoints, domains, and protocols, such as RDP. Instead of figuring out how to secure initial access--the first stage in a cyberattack--threat actors can simply purchase it from these initial access brokers.
To read more about access for sale:
Cybersixgill automatically aggregates data leaks and alerts customers in real time.
You may also like
June 26, 2023
Preemptively Prevent Initial Access Compromise with Cybersixgill's DarkfeedRead more
August 10, 2022
Initial access broker claims to sell access to “central bank” and its SWIFT account for $500,000Read more
April 28, 2022