A group of Israeli cyber threat researchers has disclosed that Russian hackers have put Pakistan International Airlines’ (PIA) network access and database up for sale on the cyber underground.
Originally, only PIA’s network access was purchasable on the dark web. A week later, the hackers also put up all the databases in the airline’s network for sale. The cybercriminals posted a sample of the data they hacked from the company, which consisted of the information of all the people who use PIA, including names, last names, phone numbers, and passports.
As reported by InfoSecurity, a leading magazine that reports on information security, a team at the darknet threat intelligence firm KELA spotted a threat actor offering domain admin access to the airline for $4,000. The offer is still live on two Russian and one English dark web forum that KELA had been monitoring.
Speaking to the magazine earlier this month, a KELA spokesperson stated that they have been monitoring the threat actor who published the domain access to PIA’s network for sale last week. He mentioned that this could open up the possibility of a ransomware attack on organizations whose network access has been put up on the dark web like this.
“Most of the time, we’re seeing cyber-criminals purchase these initial accesses to gain an initial foothold into the victim’s network, from which they can then perform the lateral movement to advance their access privileges and potentially employ ransomware or some other type of attack,” the spokesperson said.
“The actor mentioned that what he is selling includes around fifteen databases, all with different amounts of records — some around 500,000 records and some around 60,000–50,000 records — but that all the records stored in their network are included,” the KELA spokesperson said. KELA also revealed that the same threat actor has put 38 databases up for sale at a cumulative price of at least $118,700 since July this year.