Saturday, November 23, 2024

BREAKING: Access broker claims to have hacked Deutsche Bank, Offers access to its systems for sale on Telegram

A bad actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online.

The security researcher Dominic Alvieri was one of the first experts to report the announcement published by the initial access broker on Telegram.

The IAB claims to have access to around 21000 machines in the bank’s network, most of which are Windows systems. It also claims that the compromised machines were protected with a Symantec EDR solution.

“FTP , Shells , root , SQL-inj, DB, Servers.. We selling another network accss of a particular Bank, internal network ,we have DA, domain has around 21k machines configured most being windows Edr of machines are Symantec . Also internal network filters TCP,UDP,HTTP & HTTPS . Employees communicate between office chats services, there is file servers with more that 16TB of internal Data including share folder for every usr on the network & They also have flexcube DB.. We can provide VDI & VPN + all passwords of domain dump (with DA usr’s) Their funds is in B$ Price 7.5BTC We will request for proof that one can afford to avoid time wasters etc…” reads the announcement.

The seller said to have had access to the chat services used for internal communications, he also claimed to have access to file servers containing 16 terabytes of data.

Recommended:  Over 500,000 Patients Hit by Data Breaches at Healthcare Firms in Alabama, Colorado

The IAB is offering access to the Deutsche Bank 7.5 Bitcoin, worth approximately $156,274.

The seller added that he is receiving a lot of requests for this offer:

“We are getting a lot of requests and it’s hard to filter out fake buyers so we ask for proof you can afford it or (share with us your @ on forums (we recommend we’ll known individuals for us to work easily)” added the seller.

Alvieri speculates that the IAB is the same broker who recently offered for sale access to the systems of the Australian health insurance Medibank.

Medibank is an Australian healthcare company based in Melbourne. The company provides private health insurance and health insurance solutions. Last month, there was a ransomware attack on the insurer. The ransomware attack of the Australian healthcare company Medibank has caused a real earthquake in Australia and the government is planning to tighten the legislation in terms of privacy and security requirements. In this security incident, the attackers were able to capture 9.7 million customer records of the health insurer.

The notice from the provider can be found here and states that criminals posted files containing Medibank customer data on a dark web forum. This data includes personal information such as names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for customers, in some cases passport numbers for our international students, and some health benefits data.

Currently, the hack of the Australian healthcare company Medibank is shaking Down-Under. This is because the attacker is offering millions of patient data on the darknet. Shortly before that, the Australian telecom provider Optus was hacked and millions of customer data were siphoned off. And very recently, the same cybercriminals who attacked Medibank are offering Deutsche Bank data on the darknet. According to reports, the names of the hackers, who operate out of Russia, are known.

Recommended:  Top warning signs your identity has been stolen

Deutsche Bank data on the darknet

If the report is true, there has also been a successful attack on Deutsche Bank, because according to the following tweet, the same group responsible for the Medibank hack could be the attacker that is offering access data to Deutsche Bank’s systems on the darknet. But that’s not confirmed – Lawrence Abrams from Bleeping Computer told me, that it’s an alleged initial access broker, not the same hackers who stole the data from MediBank. But it could be the same actor, that has sold the ransomware gang the access to the network (it’s also unconfirmed and can be a scam).

We’ve launched a Facebook Page, and a group to help people stay informed of the latest security threats, trends and developments. We’d love it if you could Follow us and/or help with raising awareness in the group!

Suggest an edit to this article

Cybersecurity Knowledge Base

Latest Cybersecurity News

Cybersecurity Academy

Homepage

Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.
Bookmark
Please login to bookmarkClose
Recommended:  Remote code execution vulnerability in Hashnode blogging platform
Share the word, let's increase Cybersecurity Awareness as we know it
- Sponsored -

Sponsored Offer

Unleash the Power of the Cloud: Grab $200 Credit for 60 Days on DigitalOcean!

Digital ocean free 200

Discover more infosec

Steven Black (n0tst3)
Hello! I'm Steve, an independent security researcher, and analyst from Scotland, UK. I've had an avid interest in Computers, Technology and Security since my early teens. 20 years on, and, it's a whole lot more complicated... I've assisted Governments, Individuals and Organizations throughout the world. Including; US DOJ, NHS UK, GOV UK. I'll often reblog infosec-related articles that I find interesting. On the RiSec website, You'll also find a variety of write-ups, tutorials and much more!

more infosec reads

Subscribe for weekly updates

explore

more

security