📖 Overview
A threat actor is offering unauthorized WordPress admin access to an unidentified e-commerce shop in Australia. Such access could enable attackers to install malicious plugins, steal payment information, or launch additional compromises across connected systems.
📌 Key Details
- Victim Country: Australia
- Industry: E-commerce & Online Stores
- Threat Actor: Reve
- Network: openweb
- Category: Initial Access
- Severity: Medium
- Access Type: WordPress administrator panel with plugins enabled
- Price Structure: Start $250 • Step $50 • Blitz $500 • PPS 24 hours
🧩 TTPs (MITRE ATT&CK Mapping)
- TA0001 – Initial Access: Exploitation of internet-facing applications
- T1078 – Valid Accounts: Use of stolen WordPress admin credentials
- TA0009 – Collection: Theft of payment card or order information from e-commerce systems
- TA0040 – Impact: Defacement, malware injection, or secondary intrusions through compromised CMS
👤 Threat Actor Profile: Reve
Summary
- Total Matches: 40
- First Seen: 2024-12-31
- Last Seen: 2025-08-20
- Data Start: 2024-10-02
- Countries: USA, Spain, Israel, UK, Australia
- Industries: E-commerce & Online Stores, Cosmetics, Non-profit & Social Organizations, Leisure & Travel, Healthcare & Pharmaceuticals
📊 Threat Actor Activity
Date | Country | Sector / Industry | Type | Target / Site | Network |
---|---|---|---|---|---|
2025-08-20 | Australia | E-commerce & Online Stores | Initial Access | WP admin access to unidentified shop | openweb |
2025-07-22 | Germany | E-commerce & Online Stores | Initial Access | Unidentified shop | openweb |
2025-07-12 | Unknown | – | Initial Access | WordPress administrator credentials | openweb |
2025-07-08 | Unknown | – | Initial Access | Multiple WordPress sites | openweb |
2025-06-26 | France | E-commerce & Online Stores | Initial Access | Unidentified e-commerce site | openweb |
2025-06-12 | Unknown | E-commerce & Online Stores | Initial Access | International WordPress shop | openweb |
2025-06-01 | USA | E-commerce & Online Stores | Initial Access | Unidentified online shop | openweb |
2025-05-31 | USA | E-commerce & Online Stores | Initial Access | Unidentified online store | openweb |
2025-05-28 | Australia | E-commerce & Online Stores | Initial Access | Unidentified online store | openweb |
2025-05-28 | Spain | E-commerce & Online Stores | Initial Access | WordPress-based site | openweb |
ℹ️ Showing the latest 10 results. 30 more not shown.
🚨 Potential Risks
Unauthorized WordPress admin access poses a direct threat to e-commerce platforms. Attackers could harvest customer data, skim payment card details, inject malware into checkout pages, or use the compromised site to spread phishing kits and ransomware loaders. It also undermines customer trust and could lead to regulatory consequences if data protection standards are violated.
✅ Recommended Security Actions
- Reset and rotate WordPress administrator credentials immediately
- Enforce strong password policies and enable multi-factor authentication
- Audit installed plugins and remove or update vulnerable ones
- Regularly patch and harden the WordPress CMS and server environment
- Monitor payment flows for signs of card skimming or abnormal transactions
- Conduct forensic analysis to identify persistence mechanisms left by intruders
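
One way to triage the plugin audit and the persistence check from the list above, written as an added example that is not part of the original post: it compares WP-CLI JSON exports against a known-good baseline and reports administrators and plugins that do not belong. The sample records, the approved lists and the baseline date are constructed assumptions, and the function names are hypothetical.

```python
import json
from datetime import datetime

# Constructed sample data, shaped like the JSON that WP-CLI prints for:
#   wp user list --role=administrator --fields=user_login,user_registered --format=json
#   wp plugin list --fields=name,status,update --format=json
SAMPLE_USERS = json.dumps([
    {"user_login": "shopowner", "user_registered": "2021-03-14 09:12:00"},
    {"user_login": "wp_support", "user_registered": "2025-08-02 03:41:10"},
])
SAMPLE_PLUGINS = json.dumps([
    {"name": "woocommerce", "status": "active", "update": "none"},
    {"name": "contact-form-7", "status": "active", "update": "available"},
    {"name": "wp-file-helper", "status": "active", "update": "none"},
])

def audit_admins(users_json, approved_logins, baseline_date):
    """Flag admins that are unapproved or were created after the last known-good date."""
    cutoff = datetime.strptime(baseline_date, "%Y-%m-%d")
    findings = []
    for user in json.loads(users_json):
        created = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        reasons = []
        if user["user_login"] not in approved_logins:
            reasons.append("not in approved admin list")
        if created > cutoff:
            reasons.append("created after baseline")
        if reasons:
            findings.append((user["user_login"], reasons))
    return findings

def audit_plugins(plugins_json, approved_plugins):
    """Flag plugins that are outside the approved set or have an update pending."""
    findings = []
    for plugin in json.loads(plugins_json):
        reasons = []
        if plugin["name"] not in approved_plugins:
            reasons.append("not in approved plugin list")
        if plugin["update"] == "available":
            reasons.append("update pending")
        if reasons:
            findings.append((plugin["name"], plugin["status"], reasons))
    return findings

if __name__ == "__main__":
    # Assumed baseline: one approved admin, two approved plugins, known-good on 2025-01-01.
    for finding in audit_admins(SAMPLE_USERS, {"shopowner"}, "2025-01-01"):
        print("ADMIN ", finding)
    for finding in audit_plugins(SAMPLE_PLUGINS, {"woocommerce", "contact-form-7"}):
        print("PLUGIN", finding)
```

Any flagged administrator or plugin is a lead for the forensic review, not proof of compromise; confirm against change records before removing it.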
💡 Final Thoughts
The sale of WordPress administrator access has become a common initial access vector for threat actors targeting e-commerce businesses. Even relatively small shops are attractive because of the payment data they handle. Organizations must treat CMS security as critical infrastructure, applying regular hardening, patching, and monitoring to prevent their sites from being turned into tools for cybercrime.