Alleged sale of initial access to a U.S. bank
Incident Overview
The threat actor claims to be selling initial access to a U.S.-based bank reported to manage approximately $5 billion in assets. The compromised environment allegedly runs Linux, and the advertised access is said to cover a firewall device with root-level permissions.
According to the threat actor's advertisement, the access includes capabilities that could enable significant unauthorized control over the institution's network infrastructure. The threat actor emphasizes that pricing is non-negotiable and that only inquiries from serious buyers will be accepted.
The claimed access reportedly includes:
- Linux operating system access
- Firewall device access
- Root-level permissions (Root RCE + Shell)
- Revenue reported as unknown
The listing states a price of $400 and explicitly notes that the price is not negotiable, with the threat actor only accepting contact from serious buyers through a provided session ID.
Initial access sales targeting financial institutions represent high-value opportunities for threat actors, as such access can potentially lead to data theft, financial fraud, ransomware deployment, or other malicious activities. The claim has not been independently verified.
Dark Web Informer © 2025 | Cyber Threat Intelligence | DarkWebInformer.com