January 23, 2023by Adi Bleih

Threat actor auctions access to four e-commerce sites

On January 12, a threat actor posted selling compromised access to four e-commerce sites shops. The access includes iframe payment methods, which are embedded payment pages from a third-party payment service provider (such as a credit card processor or PayPal). Access to the iframe payment page would allow the attacker to harvest any payment information input into the site.

The package includes admin privileges and access to a web shell and database.

While the post does not specify the sites, it does detail the number of cards used for payments for the last three months. This will enable a prospective buyer to assess the number of transactions and approximate profit they could gain.

The starting price is $3,000, with a “buy it now” price of $4,500.

On the underground, we often find threat actors selling access as a service. This includes access to compromised endpoints, domains, and protocols, such as RDP. Instead of figuring out how to secure initial access--the first stage in a cyberattack--threat actors can simply purchase it from these initial access brokers.

To read more about access for sale:

Ransomware and Wholesale Access Markets: A $10 investment can lead to millions in profit

Champions League of Cybercrime

Cybersixgill automatically aggregates data leaks and alerts customers in real time.

Learn More

You may also like


June 26, 2023

Preemptively Prevent Initial Access Compromise with Cybersixgill's Darkfeed

Read more

August 10, 2022

Initial access broker claims to sell access to “central bank” and its SWIFT account for $500,000

Read more

April 28, 2022

How cyber attackers use black hat SEO to gain access to information

Read more