Over 400,000 corporate credentials stolen by info-stealing malware (Security News, July 2023)
An analysis of nearly 20 million information-stealing malware logs sold on the dark web and in Telegram channels revealed that the malware had achieved significant infiltration into business environments.
The stolen information is packaged into archives called 'logs,' which are then uploaded back to the threat actor for use in attacks or sold on cybercrime marketplaces.
"Logs containing corporate access were over-represented on Russian Market and VIP Telegram channels, indicating that the methods attackers use to harvest logs may incidentally or intentionally have more corporate targeting," describes the Flare report.
Corporate credentials are considered "Tier-1" logs, making them particularly highly valued in the cybercrime underground, where they are sold on private Telegram channels or forums like Exploit and XSS. That value derives from the profit cybercriminals can make by leveraging compromised credentials to access CRMs, RDP, VPNs, and SaaS applications, and then using that access to deploy stealthy backdoors, ransomware, and other payloads.
"Based on evidence from the dark web forum Exploit.in, we rate it as highly likely that initial access brokers are using stealer logs as a principal source to gain an initial foothold to corporate environments that can then be auctioned off on top-tier dark web forums," explains Flare researcher Eric Clay.