Pierluigi Paganini
November 11, 2022
A threat actor (0x_dump) claims to have hacked the multinational investment bank Deutsche Bank and is offering access to its network for sale online.
The security researcher Dominic Alvieri was one of the first experts to report the announcement published by the initial access broker on Telegram.
The IAB claims to have access to around 21000 machines in the bank’s network, most of which are Windows systems. It also claims that the compromised machines were protected with a Symantec EDR solution.
“FTP , Shells , root , SQL-inj, DB, Servers.. We selling another network accss of a particular Bank, internal network ,we have DA, domain has around 21k machines configured most being windows Edr of machines are Symantec . Also internal network filters TCP,UDP,HTTP & HTTPS . Employees communicate between office chats services, there is file servers with more that 16TB of internal Data including share folder for every usr on the network & They also have flexcube DB.. We can provide VDI & VPN + all passwords of domain dump (with DA usr’s) Their funds is in B$ Price 7.5BTC We will request for proof that one can afford to avoid time wasters etc…” reads the announcement.
Breaking
— Dominic Alvieri (@AlvieriD) November 11, 2022
Deutsche Bank allegedly breached and for sale by the same access broker that sold access to Medibank.
HQ in Frankfurt, Germany shown.
/db.com @DeutscheBank
c/o @osint_ben @Europol @DTCERT #cybersecurity #infosec@campuscodi @LawrenceAbrams pic.twitter.com/qFhwQ5zSIY
The seller said to have had access to the chat services used for internal communications, he also claimed to have access to file servers containing 16 terabytes of data.
The IAB is offering access to the Deutsche Bank 7.5 Bitcoin, worth approximately $156,274.
The seller added that he is receiving a lot of requests for this offer:
“We are getting a lot of requests and it’s hard to filter out fake buyers so we ask for proof you can afford it or (share with us your @ on forums (we recommend we’ll known individuals for us to work easily)” added the seller.
Alvieri speculates that the IAB is the same broker who recently offered for sale access to the systems of the Australian health insurance Medibank.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, Deutsche Bank)
[adrotate banner=”5″]
[adrotate banner=”13″]
