IT NewsMarket newsSecurity
Olga Blinkova | 03.09.2020
Initial access data obtained during attacks on corporate VPNs are sold by Iranian hackers on the forum to anyone who wants to buy it. This is reported by the ZDNet edition with
a reference to Crowdstrike. The largest wholesale buyers of such information are extortionist gangs.
The seller is the hacker group Pioneer Kitten (also known as Fox Kitten and Parisite). Crowdstrike believes that the Iranian group offering for sale
access to a number of hacked companies, cooperates with the Iranian authorities.
It is assumed that Pioneer Kitten gained access to companies using VPN vulnerabilities, and then other attackers “dug” into these companies, in particular those who supplied the stolen
information to the Iranian leadership. Access to those companies that did not possess the information necessary for the Iranian authorities was sold on the forum, and there is no waste of good, at least some kind of monetization.
Most of all, Iranian hackers are interested in enterprises in the United States, Israel and the Middle East. Defense businesses are a tidbit, but Pioneer Kitten is also interested in healthcare,
high-tech companies and government agencies. What they hacked, but was of no use to anyone, is for sale.
It is noted that the largest wholesale buyer of “initial access” to company data (initial access) are gangs that encrypt company data and demand a ransom for decryption. That is, in
Pioneer Kitten opens locked digital doors with malicious tools and gives the keys to everyone. The prices for such “keys” are not reported in the ZDNet material.
Magazine: IT-News Magazine, Magazine Subscription