
ProfessorKliq Claims to be Selling Access Targeting Multiple U.S. Companies



📌 Quick Facts

🔗 DarkWebInformer.com - Cyber Threat Intelligence
📅 Date: 2025-02-28 03:56:28
🚨 Title: Alleged RDWeb Access Sale Targeting Multiple U.S. Organizations
🛡️ Victim Country: USA
🏭 Victim Industry: Multiple (Manufacturing, Retail, Hospitality, Recreation)
🏢 Victim Organization: Unspecified (Five separate U.S. companies)
🌐 Victim Site: Not Provided
📜 Category: Initial Access
🔗 Claim: https://forum.exploit.in/topic/254966/
🕵️‍♂️ Threat Actor: ProfessorKliq
🌍 Network: OpenWeb


📝 What Happened?
A cybercriminal operating under the alias ProfessorKliq has advertised Remote Desktop Web Access (RDWeb) access to multiple U.S.-based organizations across different industries. The listing includes details about each target, such as employee count, endpoint security solutions, and estimated revenue, which suggests the seller researched each victim before posting.

The accesses being sold provide domain user rights and are linked to the following industries:

  • Manufacturing (Plastic, Packaging & Containers) – $5.8M Revenue
  • Retail (Gas Stations, Liquor Stores) – $11.5M Revenue
  • Home Improvement & Hardware Retail – <$5M Revenue
  • Hospitality (Country Club) – $8M Revenue
  • Recreation (Fitness & Dance Facilities) – $7.7M Revenue

The starting price for the access is $1,000, with bids increasing by $200 and a "Blitz" buyout price of $1,600.


📊 Compromised Access Details

  • Five U.S. organizations affected, covering retail, manufacturing, and hospitality.
  • Domain user access via RDWeb, with various endpoint security solutions (Microsoft Defender, Sophos, Sentinel).
  • Pricing starts at $1,000, making it an accessible entry point for cybercriminals.

🛡 WhiteIntel.io Data Leak Information
(No victim site disclosed)


Implications

  • Network Compromise Risks – RDWeb access could allow lateral movement within corporate networks.
  • Financial & Operational Disruption – Cybercriminals may use access for data theft, fraud, or ransomware deployment.
  • Supply Chain Vulnerabilities – If manufacturing and retail organizations are affected, downstream suppliers may also be at risk.

🔧 Recommended Actions

  • Audit RDWeb Access Logs – Identify and remove any unauthorized users.
  • Enforce Multi-Factor Authentication (MFA) – Strengthen access controls for remote desktop services.
  • Monitor for Unusual Login Activity – Detect potential unauthorized use of compromised credentials.
  • Engage Incident Response Teams – Prepare mitigation strategies for potential breaches.
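
One way to approach the log audit and login monitoring items above, as an added example that is not part of the original post: a Python pass over IIS W3C logs for the RDWeb site that reports users seen from source IPs outside a known baseline and IPs that repeatedly POST to the sign-in page. It assumes the default en-US sign-in path and that `cs-username` is populated after sign-in; the log lines, users and `BASELINE` mapping are constructed for illustration.

```python
from collections import defaultdict

# Assumption: default RDWeb sign-in page; adjust for other locales or custom paths.
LOGIN_PATH = "/rdweb/pages/en-us/login.aspx"

# Constructed sample in IIS W3C extended format (documentation IPs, made-up users).
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 10.0
#Fields: date time cs-method cs-uri-stem cs-username c-ip sc-status
2025-02-20 13:02:11 POST /RDWeb/Pages/en-US/login.aspx - 198.51.100.7 302
2025-02-20 13:02:12 GET /RDWeb/Pages/en-US/Default.aspx CORP\alice 198.51.100.7 200
2025-02-20 14:10:03 GET /RDWeb/Pages/en-US/Default.aspx CORP\bob 198.51.100.8 200
2025-02-21 02:40:00 POST /RDWeb/Pages/en-US/login.aspx - 192.0.2.99 200
2025-02-21 02:40:02 POST /RDWeb/Pages/en-US/login.aspx - 192.0.2.99 200
2025-02-21 02:40:04 POST /RDWeb/Pages/en-US/login.aspx - 192.0.2.99 200
2025-02-21 02:40:06 POST /RDWeb/Pages/en-US/login.aspx - 192.0.2.99 200
2025-02-21 02:40:08 POST /RDWeb/Pages/en-US/login.aspx - 192.0.2.99 200
2025-02-21 03:15:44 POST /RDWeb/Pages/en-US/login.aspx - 203.0.113.50 302
2025-02-21 03:15:45 GET /RDWeb/Pages/en-US/Default.aspx CORP\alice 203.0.113.50 200
"""

# Hypothetical baseline: source IPs each account normally connects from.
BASELINE = {r"corp\alice": {"198.51.100.7"}, r"corp\bob": {"198.51.100.8"}}

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def audit_rdweb(text, baseline, post_threshold=5):
    """Return (users seen from non-baseline IPs, IPs with many sign-in POSTs)."""
    new_sources, login_posts = defaultdict(set), defaultdict(int)
    for row in parse_w3c(text):
        stem = row.get("cs-uri-stem", "").lower()
        if not stem.startswith("/rdweb/"):
            continue
        user, ip = row.get("cs-username", "-").lower(), row.get("c-ip", "-")
        if user != "-" and ip not in baseline.get(user, set()):
            new_sources[user].add(ip)
        if row.get("cs-method") == "POST" and stem == LOGIN_PATH:
            login_posts[ip] += 1
    noisy = {ip: n for ip, n in login_posts.items() if n >= post_threshold}
    return {u: sorted(ips) for u, ips in new_sources.items()}, noisy
```

Accounts returned in the first result are candidates for credential reset and session review; IPs in the second are candidates for blocking or rate limiting at the gateway.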
