A threat actor on a dark web forum published a SYSMON Administrator access for an Indonesian cloud service provider offering solutions including multi-data center services, cloud, cyber security, office collaboration, disaster recovery, cloud software, and much more.
According to the post, the alleged access for sale offers full control over 11,903 devices, including 550 servers, 10 hypervisors, 7 workstations, 3 network devices, 6 firewalls, and 11,325 virtual machines, encompassing over 600 TB of data. With the alleged access, one can connect to any of the devices through TELNET/SSH/SFTP/HTTP and edit any of the devices.
The threat actor set the starting price for the alleged access and an auction-style incremental process started to sell the access where every step is 1000 USD. A Telegram handle and a TOX ID is also included in the post.
The post Alleged SYSMON Admin Access for an Indonesian Cloud Service Provider is For Sale appeared first on Daily Dark Web.