7,500 educational organizations hacked, access being sold on Russian hacker forums


Level 2
May 4, 2020
Network access to 7,500 organizations is being sold by a threat actor on multiple Russian hacker forums. According to the listings posted on October 3 and October 26, these mainly include educational organizations. However, the package also appears to include access to corporate networks from other verticals, such as entertainment and the bar industry.

The seller offers “convenient access” to the 7,500 compromised networks located in the USA, Canada, and Australia via Remote Desktop Protocol (RDP) and claims to be the sole cybercriminal in possession of the network access. The advert has been posted on at least two Russian hacker forums. The access is sold via an auction, with the initial bid for the entire package starting at 25 BTC (roughly $330,000) and the “Buy now” option at 75 BTC (about $1,000,000).