Hacker Sells Access to Pakistani Airlines' Network

Access to Pakistan International Airlines’ network is being offered for sale on the cyber underground, according to threat researchers in Israel. 

A team at dark net threat intelligence firm KELA spotted a threat actor touting domain admin access to the airline for $4,000 on two Russian-speaking illegal online forums and one English-speaking forum that they had been monitoring. 

From their headquarters in Tel Aviv, the team had been tracking ransomware trends, exploring how initial access brokers in the cybercrime community play a role in the supply chain of this popularly deployed malware.

On November 9, a KELA spokesperson told Infosecurity Magazine: "We've been tracking a threat actor that just last week published domain access for sale to Pakistan International Airlines’ network. 

"Most of the time we're seeing cyber-criminals purchase these initial accesses to gain an initial foothold into the victim's network, from which they can then perform lateral movement to advance their access privileges and potentially employ ransomware or some other type of attack."

A week after putting access to the airline's network on the black market, the cyber-criminal announced that they were also selling all the databases that exist in the airline's network. 

The threat actor published a sample of the allegedly stolen data, which they claim contains "all people information who use Pakistan Airline includ[ing] name, last name, phone number, passport."

"The actor mentions that what he is selling includes around 15 databases all with different amounts of records—some around 500k records and some around 60k–50k records—but that a ..

Support the originator by clicking the read the rest link below.