Cybercriminal Listings Target Fujitsu, Baxter Kelly, AGX Financeira, and a Belgian IT Platform
SOCRadar’s Dark Web Team has observed several new listings involving unauthorized access sales and data breaches affecting companies across Japan, the U.K., Brazil, and Belgium.
One post allegedly offers Citrix access tied to Fujitsu, while another advertises sensitive internal files from Baxter Kelly, a British energy firm. Separately, a Brazilian threat actor is selling extensive customer data from AGX Financeira, and a listing claims admin-level access to a Belgian IT company’s monitoring system.
Receive a Free Dark Web Report for Your Organization:
Alleged Unauthorized Citrix Access Sale is Detected for Fujitsu

SOCRadar detected an alleged unauthorized Citrix access sale on a hacker forum, purportedly linked to Fujitsu, a Japan-based IT and business services provider. The post claims that the access belongs to a delivery group admin account, allowing the attacker to manage user sessions and publish applications. The environment reportedly uses Kaspersky Next EDR, and the access is listed for $20,000.
Alleged Database of Baxter Kelly is on Sale

SOCRadar detected an alleged database sale on a hacker forum, reportedly involving Baxter Kelly Ltd, a UK-based energy retrofit company operating nationwide. The dataset, claimed to be 24GB in size, allegedly contains sensitive customer PII, energy retrofit project details, technical specifications, certifications, and RdSAP reports. The listing price is reportedly $2,000, payable in Bitcoin or Monero.
Alleged Data of AGX Financeira are on Sale

SOCRadar detected an alleged data sale on a hacker forum, reportedly involving AGX Financeira, a Brazil-based financial company focused on issuing loans secured by housing. The threat actor claims the dataset is a MySQL server dump consisting of 78 CSV tables, totaling over 8GB of data.
According to the post, the leak includes:
- 10,772,000 unique phone numbers
- 3,802,000 CPF (Brazilian taxpayer IDs)
- 1,200,000 email records
An example table titled “phone client” reportedly contains 31,425,000 rows of validated phone numbers. The actor set the price at $1,500, payable via cryptocurrency, and shared a Telegram contact for negotiations.
Alleged Unauthorized Admin Access Sale is Detected for a Belgian IT Company

SOCRadar detected an alleged unauthorized admin access sale on a hacker forum, purportedly linked to an IT company operating in Belgium with an estimated annual revenue of around $7 million. The listing suggests administrative control over a monitoring or management platform, referencing Version 3.0.32, 63 hosts, 5034 items, 2646 triggers, 9 users, and 16 groups.
The post also mentions vulnerabilities CVE-2024-22122 and CVE-2024-22120, which could indicate exploitable weaknesses in the infrastructure. The access is allegedly offered for $300, payable in cryptocurrency.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.
