SOCRadar® Cyber Intelligence Inc. | Dark Web Sales: Anti Red Page Service, France Phone Database, Leads for Payment Processor


Aug 21, 2023

Dark Web Sales: Anti Red Page Service, France Phone Database, Leads for Payment Processor

The SOCRadar Dark Web Team continuously monitors the hidden corners of the dark web to uncover new incidents that could threaten the security of organizations globally.

This week, the team discovered the sale of VPN access for several companies in the airline, retail, and manufacturing sectors. They also stumbled upon a dark web post in which a threat actor is selling an Anti Red Page service – a service that could make certain cyberattacks easier for malicious actors. The latest incidents also encompass sales of databases, including a phone database from France and a payment processor’s database. Additionally, a sale of RDP access for a company in Brazil was discovered. 


Unauthorized VPN Access Sale is Detected for Several Companies

On 16 August, SOCRadar noticed that a threat actor claims to be selling unauthorized VPN access allegedly associated with various companies. 

In the first instance, the alleged compromised access pertains to a company in Indonesia operating within the Airlines, Airports & Air Services sector. This company reportedly generates a revenue of $456 million. The unauthorized access is through a Fortinet VPN and is being offered for $2,000.

The second case involves a United States-based company operating in the Apparel & Accessories Retail industry. This entity boasts a revenue of $484 million. The unauthorized VPN access, which uses GlobalProtect, is being listed for sale at $3,000.

Lastly, a company in France, within the Manufacturing sector and generating an income of $236 million, is also highlighted. The threat actor claims to possess unauthorized GlobalProtect VPN access for this company, available for $2,000.

Anti Red Page Service is on Sale

A SOCRadar Dark Web Team analyst detected a post in which a threat actor is selling an “Anti Red Page Service” to prevent websites from being flagged as dangerous. The service, priced at $500 per month, claims to block bots, bypass file download alerts, and offer unique codes for each buyer.

Phone Data of France on Sale

SOCRadar Dark Web researchers found a post in which a threat actor is advertising the sale of alleged phone data for France. The dataset reportedly contains information for 4 million individuals and includes fields such as first name, last name, phone code, phone number, and address. The seller is asking for a price of $1,200 for this data.

Database of Payment Processor Leads is on Sale

A SOCRadar researcher has discovered a post where a threat actor is claiming to be selling a new alleged database related to a payment processor. The post outlines that the data being offered includes information such as BIN (Bank Identification Number) codes, expiration dates, bank names, addresses, full names, phone numbers, e-mail addresses, and whether the data is 3D secure or not. The seller highlights that the access to the data is provided on a daily basis and emphasizes the capability to extract leads based on specific requirements. 

Unauthorized RDP Access Sale is Detected for a Brazilian Company

The SOCRadar Dark Web Team has discovered that a threat actor is advertising the sale of unauthorized network access, allegedly linked to a company in Brazil. The compromised network’s details indicate that it is located in Sao Paulo and employs Remote Desktop Protocol (RDP) for access. The actor claims to possess administrative privileges on a Windows 11 system. The network has around 60 active devices. The pricing structure involves a starting price of $500, with increments of $100, and an instant buy option of $1,500.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, as it is time-consuming and challenging. A single mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow the latest posts of threat actors and groups, filtered by the targeted country or industry.