Russian hackers put the PIA network and database up for sale on the dark web

A team of Israeli cybercrime researchers has revealed that Russian hackers have put up the Pakistan International Airlines’ (PIA) network access and database for sale on the dark web.

A team at the Israeli darknet threat intelligence firm KELA spotted a threat actor offering the domain admin access to PIA for $4,000. The offer is still live on two Russian dark web forums and one English forum that KELA had been monitoring.

Based in Tel Aviv, KELA tracks ransomware trends and identifies threats to international organizations and government setups.

The cyber threat research firm has not reported the incident to PIA due to the absence of diplomatic relations between the two countries and made it public through relevant mediums instead.

Speaking to the magazine earlier this month, a KELA spokesperson said that they have been tracking the threat actor who published the domain access to PIA’s network for sale last week. He mentioned the possibility of a ransomware attack on organizations whose network access has been put up on the dark web like this.

“Most of the time, we’re seeing cyber-criminals purchase these initial accesses to gain an initial foothold into the victim’s network, from which they can then perform the lateral movement to advance their access privileges and potentially employ ransomware or some other type of attack,” the spokesperson said.

Aside from the network access, the databases present in the Pakistani airline’s network have also been leaked on the dark web and put up for sale. The cybercriminals posted a sample, which, according to them, carries ‘all the people’s information who use PIA, including names, last names, phone numbers, and passports’.

“The actor mentioned that what he is selling includes around fifteen databases, all with different amounts of record — some around 500,000 records and some around 60,000–50,000 records — but that all the records stored in their network are included,” the KELA spokesperson said.

KELA also revealed that the same threat actor has put 38 databases up for sale at a cumulative price of at least $118,700 since July this year.