Russian hackers have put up the Pakistan International Airlines (PIA) network access and database on sale on the dark web as revealed by a team of Israeli cyber threat researchers.
As per the InfoSecurity, a publication based on information security, a group at the darknet threat intelligence firm KELA identified a threat actor offering the domain admin access to the airline for $4,000. The offer is still active on two Russians and one English dark web portal that KELA had been monitoring.
Read more: Pakistani banks lost billions of rupees in over a dozen cyberattacks
KELA is a Tel Aviv based firm which tracks ransomware trends and identifies threats to international organizations and government setups.
Due to no diplomatic ties with Pakistan, Israel based KELA have not formally informed the PIA administration but made the revelation public.
While speaking to the InfoSecurity magazine, a KELA spokesperson said that their organization is tracking the threat actor who published the domain access for sale to PIA’s network.
“Most of the time, we’re seeing cyber-criminals purchase these initial accesses to gain an initial foothold into the victim’s network, from which they can then perform the lateral movement to advance their access privileges and potentially employ ransomware or some other type of attack.”
After the publication of domain access, the hacker also put all the databases in the PIA network on sale on the dark web. According to the sample posted by cybercriminals, the database carries all the passenger’s information who use PIA, which includes first name, last name, phone and passport number.
“The actor mentioned that what he is selling includes around fifteen databases, all with different amounts of record — some around 500,000 records and some around 60,000–50,000 records — but that all the records stored in their network are included,” the KELA spokesperson said.
According to Jewish firm KELA, the same threat actor also put 38 databases up for sale at a collective price of around $118,700 since July 2020.
According to the threat research agency they suspect that the hacker has more data which he offers while chatting privately.
