Evil-GPT Sale, Paramount Plus and Casio Data Leak & Unauthorized Access Sales
The SOCRadar Dark Web Team continuously uncovers incidents that endanger various entities by monitoring the hidden recesses of the internet. In this blog post, we explore five recent findings:
A sale of the blackhat tool Evil-GPT and an RDP access sale involving a US company have been observed. Another concerning situation involves a threat actor who offers unauthorized access to a Messenger service, demanding a hefty starting price of $200,000. Alongside this, the team has discovered leaks that expose data from the Paramount Plus website, including a significant number of account details, and a database leak involving Casio, which incorporates AWS keys, database credentials, and a substantial volume of user data.
A New Service, Evil-GPT, is on Sale
The SOCRadar Dark Web Team has identified a post in which a threat actor is advertising a new service called “Evil-GPT” as an alternative to WormGPT, a known blackhat tool for malicious purposes. The post claims that Evil-GPT is a powerful option, written in Python, and is being offered for the price of just $10. The post urges interested parties to get in touch via Telegram to acquire this tool.
Unauthorized Messenger Access Sale is Detected
The SOCRadar Dark Web Team has detected a post in which a threat actor claims to sell unauthorized access to a Messenger service. The access being offered provides admin rights and includes access to the project’s API key, granting the potential to escalate privileges. The admin panel reportedly offers comprehensive user statistics and logs all user actions. The post suggests that messages are concealed but can be accessed through a request, with full access to the project’s API. The seller is asking for a starting price of $200,000, with increments of $100,000.
Data of Paramount Plus are Leaked
A SOCRadar dark web analyst identified a post in which a threat actor alleges a data leak affecting Paramount Plus. The leak allegedly involves information from 37,000 accounts on the Paramount Plus website. Paramount Plus, owned by Paramount Global, is an American subscription-based video on-demand streaming service.
Unauthorized RDP Access Sale is Detected for an American Company
A SOCRadar researcher has detected a post in which a threat actor is advertising the sale of unauthorized Remote Desktop Protocol (RDP) access. The compromised access is allegedly associated with a U.S.-based company with reported revenue of $1.6 billion. The post outlines that the access includes a domain user and operates with Windows Security as antivirus. The pricing structure for this illicit access involves a starting price of $1,500, with increments of $500, and an option for an instant purchase (blitz) priced at $3,000.
Database of Casio is Leaked
A SOCRadar researcher has detected a post in which a threat actor claims to have leaked the database of Casio. Allegedly, this leak comprises entries up to July 2011. The threat actor states that this database, although old, was recently dumped from a live RDS server. They are offering AWS keys with significant permissions, including S3 bucket access, along with database credentials to anyone who contacts them and is considered “respected.” The post specifies that the leaked database contains the data of 476,420 users.
Powered by DarkMirror™
Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, as it is time-consuming and challenging. One mistaken click can result in a malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.