Threat Actor: Unknown | unknown
Victim: US Cosmetics Company | US Cosmetics Company
Price: $12,000
Exfiltrated Data Type: PowerShell commands, Chrome browser log (2 passwords)
Key Points :
- A threat actor claims control over a botnet that includes a device from a well-known US cosmetics company.
- The attacker can issue PowerShell commands via a Command and Control (C2) interface.
- Access to the device is being offered for a starting price of $6,000, with incremental bids of $1,000.
- A “blitz” price of $12,000 is available for immediate purchase.
- The attacker promises to remove their software from the system after the sale, leaving the device fully under the buyer’s control.
- Limited extras include a Chrome browser log containing two passwords, but no additional network access or guarantees are provided.
- Detailed information will only be shared with serious buyers.
A threat actor on a dark web forum has claimed control over a botnet that includes a device from a well-known US cosmetics company. The attacker alleges that they have access to this specific device through their botnet and can issue PowerShell commands via a Command and Control (C2) interface. They also suspect that Cisco AnyConnect is being used for domain connectivity.
The attacker is offering to sell control of the bot to interested buyers, providing access through a web-based control panel. Once sold, the threat actor promises to remove their software from the system, leaving the device fully under the buyer’s control.
While they offer limited extras, including a Chrome browser log containing two passwords, no additional network access or guarantees are provided. The starting price for access to the device is $6,000, with incremental bids of $1,000, and a “blitz” price of $12,000 for immediate purchase.
The attacker claims they will only share more detailed information with serious buyers.
The post Threat Actor Offers Access to US Cosmetics Company for $12K appeared first on Daily Dark Web.