 |
| Email accounts of hundreds of executives are ready for sale |
The hacker sent the email account password to hundreds of businessmen around the world.
The data is sold on a Russian hacker forum called Exploit.in.
The hacker sold a large number of emails and passwords to Office 365 and Microsoft accounts. He claimed that these accounts and passwords belonged to senior executives who were doing the following:
- General Manager: Managing Director.
- Operations Manager: Director of Operations.
- Financial Director: Director of Financial Resources.
- Marketing Director: Marketing Director.
- CTO: Chief Technology Officer.
The group also includes emails and passwords for corporate heads, vice presidents, administrative assistants, financial directors, accountants, directors, and financial directors.
The price for accessing one of these accounts ranges from $ 100 to $ 1500, depending on the size of the company and the location of the user.
A source in the cybersecurity community confirmed the authenticity of the data and received valid data from two accounts, the CEO of a medium-sized software company in the United States and the CFO of a distribution chain in the United States. Retail in the European Union. officially.
These are the credentials of management consulting executives in the United Kingdom and heads of manufacturers of apparel and accessories in the United States.
The seller refused to indicate how he obtained the login details, but said there were hundreds of items for sale.
According to KELA, the same hacker has expressed interest in purchasing data from computers infected with AzorUlt malware.
The AzorUlt malware registry contains the username and password extracted from the browser of the infected device.
This data is usually collected, organized, and sold in private marketplaces such as Genesis, hacker forums, or other cybercrime groups.
Raveed Laeb, KELA product manager, said: Hacked corporate email data is of value to cybercriminals as it can be profitable in various ways.
According to Leib's statements:
- Attackers can use it for internal communication in the context of fraudulent operations, where criminals manipulate employees to receive large amounts of money.
- They can be used as part of a blackmail scheme to gain access to confidential information.
- It can be used to access other internal systems that require two-factor authentication via email.
The stolen email account was likely purchased due to the misuse of what is known as a BEC scam.
According to a report by the FBI earlier this year, fraud in the BEC was the most common form of cybercrime in 2019 after accounting for half of the cybercrime losses reported last year.