The threat actor is auctioning domain admin access to an unidentified Peruvian logistics and business services company with an estimated revenue of approximately $10 million. The access vector is through Fortinet VPN.

What is the pricing structure?

The auction starts at $1,250 with $250 bid increments. A 'Blitz' (buy now) price of $2,500 is available.

Initial Access

Alleged Auction of Domain Admin Access to Peruvian Logistics Company Worth $10 Million

, and Dark Web Informer

February 18, 2026 . 9:50 PM

7 min read

Quick Facts

Date & Time 2026-02-18 19:39:04 UTC

Threat Actor Big-Bro

Victim Country Peru

Peru

Industry Logistics / Business Services

Victim Organization Unknown

Victim Site Unknown

Category Initial Access (Auction)

Severity Medium

Network Open Web

Est. Revenue ~$10 Million

Incident Overview

An initial access broker using the handle Big-Bro posted an auction listing claiming to sell domain administrator access to an unidentified logistics and business services company in Peru with an estimated revenue of approximately $10 million. The listing specifies Fortinet as the access vector, indicating the initial entry point is likely through a compromised Fortinet VPN appliance. The auction starts at $1,250 with $250 step increments and a blitz price of $2,500. The threat actor's account was registered in December 2022 with paid registration status, 90 publications, and Autogarant escrow enabled.