SOCRadar® Cyber Intelligence Inc. | Credit Card, RDP Access, Health, and Business Data Sales


May 22, 2023
4 Mins Read

Credit Card, RDP Access, Health, and Business Data Sales

Welcome to this week’s edition of our dark web news summary, where we bring you the latest updates on the clandestine world of cybercrime. This week’s headlines shed light on the alarming activities within the internet’s dark corners. First on our list, we have discovered an unauthorized sale of RDP accesses targeting a European real estate company. In addition, the dark web marketplace is buzzing with the sale of health data from American hospitals, business data of Bank of America, and credit cards belonging to individuals from multiple countries, posing a significant risk to institutions and the public. Notably, the notorious AlphVM Blackcat ransomware strikes again, with its latest victim being Orion Corporation, adding to the growing list of organizations falling prey to this malicious threat.

Join us as we dive into the details of these dark web incidents.

Find out if your data has been exposed.

Find out if your data has been exposed.

Unauthorized RDP Accesses Sale is Detected for a European Real Estate Company

rdp access sale

SOCRadar dark web analysts have detected a post that a threat actor claims to be selling unauthorized access to a real estate company’s RDP network administration. The access, allegedly belonging to a European company, is offered without a backup server and includes multiple hosts. The threat actor states that the targeted organization operates in the real estate sector within the European Union, with an estimated annual income of over $30M. The asking price for this unauthorized access is advertised as $250.

Health Data of American Hospitals are on Sale

A SOCRadar researcher has discovered a post that a threat actor claims to sell allegedly new health data associated with American hospitals. The post indicates that 16 million records have been dumped, including 11 million patient and 5 million specialist records. The threat actor insists on conducting transactions through escrow services only. The provided patient data samples include ID, address, birthdate, city, company ID, first name, phone number, and zip code. Similarly, the samples of specialist data include ID, addresses, and titles.

Business Data of Bank of America are on Sale

SOCRadar dark web team has detected a post regarding an alleged sale of business data related to Bank of America. The threat actor behind the post is claiming to offer or exchange business information, including a balance of 120k. They mention that the provided email addresses are invalid, implying that the data may be unreliable. The threat actor insists on a guarantor or a positive reputation for the transaction. For further details, the threat actor requests that communication take place via forum private messaging.

The New Ransomware Victim of AlphVM Blackcat: Orion Corporation

On May 16, A SOCRadar researcher discovered a post claiming that the AlphVM BlackCat gang had added Orion Corporation to its victim list. This dataset allegedly includes documents pertaining to employees in both the Korean and Chinese industries and a significant number of non-disclosure agreements.

Credit Cards Belonging to Many Countries are on Sale

SOCRadar dark web analysts have identified a post that a threat actor claims to sell access to live credit card data from multiple hotel payment systems. The seller claims the data is categorized by country and covers a specific period with 81,393 records. Prices range from $1 to $5 depending on order size, and the threat actor claims that the cards’ validity ranges from 50% to 90%, depending on the registration date.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.