Dark Web Informer - Cyber Threat Intelligence

Alleged Sale of WP Admin Access to an Unidentified Shop in Australia

📖 Overview

A threat actor is offering unauthorized WordPress admin access to an unidentified e-commerce shop in Australia. Such access could enable attackers to install malicious plugins, steal payment information, or launch additional compromises across connected systems.


📌 Key Details

  • Victim Country: Australia
  • Industry: E-commerce & Online Stores
  • Threat Actor: Reve
  • Network: openweb
  • Category: Initial Access
  • Severity: Medium
  • Access Type: WordPress administrator panel with plugins enabled
  • Price Structure: Start $250 • Step $50 • Blitz $500 • PPS 24 hours

🧩 TTPs (MITRE ATT&CK Mapping)

  • TA0001 – Initial Access: Exploitation of internet-facing applications
  • T1078 – Valid Accounts: Use of stolen WordPress admin credentials
  • TA0009 – Collection: Theft of payment card or order information from e-commerce systems
  • TA0040 – Impact: Defacement, malware injection, or secondary intrusions through compromised CMS

👤 Threat Actor Profile: Reve

Summary

  • Total Matches: 40
  • First Seen: 2024-12-31
  • Last Seen: 2025-08-20
  • Data Start: 2024-10-02
  • Countries: USA, Spain, Israel, UK, Australia
  • Industries: E-commerce & Online Stores, Cosmetics, Non-profit & Social Organizations, Leisure & Travel, Healthcare & Pharmaceuticals

📊 Threat Actor Activity

Date | Country | Sector / Industry | Type | Target / Site | Network
2025-08-20 | Australia | E-commerce & Online Stores | Initial Access | WP admin access to unidentified shop | openweb
2025-07-22 | Germany | E-commerce & Online Stores | Initial Access | Unidentified shop | openweb
2025-07-12 | Unknown | | Initial Access | WordPress administrator credentials | openweb
2025-07-08 | Unknown | | Initial Access | Multiple WordPress sites | openweb
2025-06-26 | France | E-commerce & Online Stores | Initial Access | Unidentified e-commerce site | openweb
2025-06-12 | Unknown | E-commerce & Online Stores | Initial Access | International WordPress shop | openweb
2025-06-01 | USA | E-commerce & Online Stores | Initial Access | Unidentified online shop | openweb
2025-05-31 | USA | E-commerce & Online Stores | Initial Access | Unidentified online store | openweb
2025-05-28 | Australia | E-commerce & Online Stores | Initial Access | Unidentified online store | openweb
2025-05-28 | Spain | E-commerce & Online Stores | Initial Access | WordPress-based site | openweb

ℹ️ Showing the latest 10 results. 30 more not shown.


🚨 Potential Risks

Unauthorized WordPress admin access poses a direct threat to e-commerce platforms. Attackers could harvest customer data, skim payment card details, inject malware into checkout pages, or use the compromised site to spread phishing kits and ransomware loaders. It also undermines customer trust and could lead to regulatory consequences if data protection standards are violated.


Recommended mitigations:

  • Reset and rotate WordPress administrator credentials immediately
  • Enforce strong password policies and enable multi-factor authentication
  • Audit installed plugins and remove or update vulnerable ones
  • Regularly patch and harden the WordPress CMS and server environment
  • Monitor payment flows for signs of card skimming or abnormal transactions
  • Conduct forensic analysis to identify persistence mechanisms left by intruders

💡 Final Thoughts

The sale of WordPress administrator access has become a common initial access vector for threat actors targeting e-commerce businesses. Even relatively small shops are attractive because of the payment data they handle. Organizations must treat CMS security as critical infrastructure, applying regular hardening, patching, and monitoring to prevent their sites from being turned into tools for cybercrime.
