CyberSecurity SEE

FBI subdivision firewall access exposed by potential Schneider Electric hacker

A recent listing on a popular hacking forum has revealed the potential sale of firewall access to an FBI subdivision base by a threat actor known as “miyako.” The post on the forum offered root access to a server hosting the firewall for the subdivision for the price of US$2,000. While the listing was made on December 14th, it has since been updated to indicate that the access has been sold. However, the legitimacy of the access and the specific subdivision it pertains to remain unverified at this time.

This is not the first time that miyako has been associated with large breaches. On December 12th, the threat actor listed root access to a server hosting the firewall for a US Air Force base, which was sold for US$800. Other recent listings by miyako include claims of access to a US ISP with over US$1 billion in revenue and a listing related to computer manufacturer ASUS. These listings typically lack specific details beyond the listed price, making verification difficult.

According to information provided in miyako’s listings, they are allegedly part of the HELLCAT threat group, which has been linked to previous cyber attacks. In November, a threat actor named “greppy,” also part of the HELLCAT group, taunted Schneider Electric in a post on a different platform. The taunting post included references to stolen data, such as email addresses, JIRA accounts, and Gravatar accounts. The threat group demanded a payment of US$125,000 in exchange for not releasing the compromised information.

The breach of Schneider Electric’s data was described as compromising critical information, including projects, issues, plugins, and over 400,000 rows of user data totaling more than 40GB. The demand for payment was addressed to Schneider Electric’s new CEO Olivier Blum, who had been appointed earlier that week. The threat group indicated that failure to meet their demands would result in the dissemination of the compromised information, and they warned that delaying payment would only increase the ransom amount.

The connection between the recent sale of firewall access to an FBI subdivision base and the activities of the HELLCAT threat group raises concerns about cybersecurity vulnerabilities in critical infrastructure and government agencies. The unauthorized access to sensitive information poses a significant risk to national security and underscores the ongoing challenges faced by organizations in protecting their data from increasingly sophisticated cyber threats.

As cybersecurity threats continue to evolve, it is essential for organizations to remain vigilant and proactive in implementing robust security measures to safeguard their information assets. Collaboration between government agencies, cybersecurity experts, and private sector partners is crucial in addressing these challenges and mitigating the risks posed by threat actors seeking to exploit vulnerabilities for financial gain or malicious purposes.
