A threat actor observed on underground hacker forums peddling internal network access to various entities claims to have breached the infrastructure of notable organizations such as UNICEF and cybersecurity companies Symantec and Comodo.
The hacker uses the online name Achilles and offers to sell details for a way in for modest prices, between $2,000 and $5,000, depending on the value of the target. Their activity jumped over the past seven months particularly in Fall 2019 and Spring 2019.
This appears to be a different threat actor than Fxmsp, who advertised access to antivirus companies with offices in the U.S., namely Symantec, McAfee, and Trend Micro. While Fxmsp is believed to be a group of Russian-speaking hackers, the new seller speaks English and may be Iranian.
Hacker built a good reputation
A report from fraud prevention company Advanced Intelligence (AdvIntel) notes that Achilles enjoys a good reputation and positive reviews on the forums they advertise on and has a record of sales. To increase credibility, the hacker insists that payment for some deals be completed through the forum's escrow service.
In conversations with potential buyers, Achilles said they could get into internal networks belonging to Symantec, cybersecurity company Comodo, 3-D software maker Hash Inc, and children's rights protection advocate UNICEF.
The hacker states in private messages that Symantec's internal infrastructure is possible through a remote desktop connection. The same type of illegal entry ..
Support the originator by clicking the read the rest link below.
