A threat actor has been trying to sell compromised information from Israeli security entities on a Russian-speaking cybercriminal forum.
On RAMP, the dark web forum, a threat actor named “blackfield” is trying to sell a database of personally identifiable information (PII), photographs, and links to social media for members of the Israeli Defense Force and the Israel Security Agency.
According to the cybersecurity company ZeroFox, “blackfield” priced the package at $15,000 and said that they’d use the forum’s escrow service for the transaction. An escrow service refers to the transactions made via a third party to make sure that specific conditions have been met.
“It is highly likely that “blackfield”’s goal is to profit from selling the compromised information to geopolitically incentivized parties. The threat actor advertising the compromised data for sale instead of sharing it for free indicates that their incentive is unlikely ideological,” ZeroFox said.
The data is expected to be more valuable after the recent outbreak of hostilities between Israel and Hamas. As per researchers, the cost for this amount of data is higher than average.
The data was most likely obtained via credential stuffing attacks against social media profiles.
“It is likely that the threat actor responsible for compromising the data possessed additional information that allowed them to identify members of the Israeli Defense Force and the Israel Security Agency,” ZeroFox noted.
They assess that “blackfield” is a network access broker. Another threat actor on the forum, dubbed “achillesec” and most likely a ransomware affiliate, expressed an interest in the compromised data.
More from Cybernews:
Subscribe to our newsletter