Threat analysis by The RabitaNoor (RBTN) Cyber Research Center

Dark Web Sale of Network Access to UAE Power Company

The goal of this document is to provide a technical and strategic analysis of a much larger source (a document, audio recording, etc.).

The document is a product of the RBTN - CYOI Pulpit


Photo by Yeshi Kangrang


Document Summary

According to a post on a dark web forum, a threat actor claims to be selling network access to a major power company in the United Arab Emirates. The threat actor claims to hold administrative domain access to a holding company operating in the water and electric power sector. The access is offered for $40,000, though the price is negotiable. The compromised network reportedly contains over 5,000 hosts protected by ESET antivirus software. The company generates approximately $700 million in revenue, making it a significant target. The access is provided through a command and control (C2) server, and the seller suggests conducting the transaction through a trusted intermediary.

Analysis

Overview

Timestamp: 2023-10-15

Title: Dark Web Sale of Network Access to UAE Power Company

Severity: High

The incident involves a threat actor offering network access to a major UAE power company on a dark web forum. The adversary claims to have administrative domain access, indicating a significant capability. The infrastructure includes a compromised network with over 5,000 hosts protected by ESET antivirus. The victim is a holding company in the water and electric power sector, making it a high-value target. The threat actor's motivation appears to be financial gain, with the access priced at $40,000.

Adversary

Adversary: Threat actor selling network access on a dark web forum.

Motivation: Financial gain

Sophistication: Moderate

TTPs:

Capability

Capability: Possesses administrative domain access to a major power company.

Tools: Command and Control server

Infrastructure

Description: Compromised network with over 5,000 hosts protected by ESET antivirus.

C2 Servers: Command and Control server

Victim Profile

Targets: Major power company in the United Arab Emirates.

Industry: Water and Electric Power

Assets: Administrative domain access

Data at Risk: Network access credentials

Impact: High

References