Skip to content Dark Web Informer - Cyber Threat Intelligence
Support
Sign In Subscribe
Initial Access

ProfessorKliq Claims to be Selling Access Targeting Multiple U.S. Companies

 and  Dark Web Informer
2 min read

💡This post is part of Free Post Friday! If you're interested in subscribing to the platform please visit the subscriber page: https://darkwebinformer.com/status/#/portal/signup. If you would prefer to pay via cryptocurrency, please visit: https://darkwebinformer.com/crypto-payments

If you're interested in advertising please visit: https://darkwebinformer.com/advertising-rates/

📌 Quick Facts

🔗 DarkWebInformer.com - Cyber Threat Intelligence
📅 Date: 2025-02-28 03:56:28
🚨 Title: Alleged RDWeb Access Sale Targeting Multiple U.S. Organizations
🛡️ Victim Country: USA
🏭 Victim Industry: Multiple (Manufacturing, Retail, Hospitality, Recreation)
🏢 Victim Organization: Unspecified (Five separate U.S. companies)
🌐 Victim Site: Not Provided
📜 Category: Initial Access
🔗 Claim: https://forum.exploit.in/topic/254966/
🕵️‍♂️ Threat Actor: ProfessorKliq
🌍 Network: OpenWeb

📝 What Happened?
A cybercriminal operating under the alias ProfessorKliq has advertised Remote Desktop Web (RDWeb) access to multiple U.S.-based organizations across different industries. The listing includes details about each target, such as employee count, endpoint security solutions, and estimated revenue, indicating a well-researched breach.

The accesses being sold provide domain user rights and are linked to the following industries:

  • Manufacturing (Plastic, Packaging & Containers) – $5.8M Revenue
  • Retail (Gas Stations, Liquor Stores) – $11.5M Revenue
  • Home Improvement & Hardware Retail – <$5M Revenue
  • Hospitality (Country Club) – $8M Revenue
  • Recreation (Fitness & Dance Facilities) – $7.7M Revenue

The starting price for the access is $1,000, with bids increasing by $200 and a "Blitz" buyout price of $1,600.

📊 Compromised Access Details

  • Five U.S. organizations affected, covering retail, manufacturing, and hospitality.
  • Domain user access via RDWeb, with various endpoint security solutions (Microsoft Defender, Sophos, Sentinel).
  • Pricing starts at $1,000, making it an accessible entry point for cybercriminals.

🛡 WhiteIntel.io Data Leak Information
(No victim site disclosed)

Implications

  • Network Compromise Risks – RDWeb access could allow lateral movement within corporate networks.
  • Financial & Operational Disruption – Cybercriminals may use access for data theft, fraud, or ransomware deployment.
  • Supply Chain Vulnerabilities – If manufacturing and retail organizations are affected, downstream suppliers may also be at risk.

🔧 Recommended Actions

  • Audit RDWeb Access Logs – Identify and remove any unauthorized users.
  • Enforce Multi-Factor Authentication (MFA) – Strengthen access controls for remote desktop services.
  • Monitor for Unusual Login Activity – Detect potential unauthorized use of compromised credentials.
  • Engage Incident Response Teams – Prepare mitigation strategies for potential breaches.

Stay vigilant. Follow DarkWebInformer.com for real-time updates on corporate cyber threats.

Related

Latest