
Threat actor auctions access to four e-commerce sites

For an opening bid of $3,000, purchasers can gain access to the shops’ checkout pages and databases.


On January 12, a threat actor posted an offer to sell compromised access to four e-commerce shops. The access includes iframe payment methods, which are embedded payment pages from a third-party payment service provider (such as a credit card processor or PayPal). Access to the iframe payment page would allow the attacker to harvest any payment information entered on the site.


The package includes admin privileges and access to a web shell and database.

While the post does not specify the sites, it does detail the number of cards used for payments for the last three months. This will enable a prospective buyer to assess the number of transactions and approximate profit they could gain.

The starting price is $3,000, with a “buy it now” price of $4,500.

On the underground, we often find threat actors selling access as a service. This includes access to compromised endpoints, domains, and protocols, such as RDP. Instead of figuring out how to secure initial access--the first stage in a cyberattack--threat actors can simply purchase it from these initial access brokers.

To read more about access for sale:

  1. Ransomware and Wholesale Access Markets: A $10 investment can lead to millions in profit
  2. Champions League of Cybercrime
