Someone using the nickname Achilles is selling access to the internal networks of a number of organizations, including UNICEF, Symantec and Comodo, on cybercrime forums. Depending on the organization, the cost of access ranges from two to five thousand dollars.
Earlier, Trojan-killer reported on a cybercriminal or group of cybercriminals using the pseudonym Fxmsp who were selling source code and other data from three US antivirus vendors. However, while Fxmsp is a Russian-speaking group, Achilles members use English and may be Iranian.
“The specific intentions of Achilles as of yet remain unclear. Partial evidence suggests that the actor may be related to an Iranian hacker operating under the alias ‘Mr.Xhat’. On January 6, 2014, he hacked Tajikistan DNS registrar control panel website domain[.]tj. This allowed the actor to control DNS records for many .tj websites, including Yahoo, Twitter, Google, and Amazon, and redirect requests to a defaced web page,” argued specialists from Advanced Intelligence (AdvIntel).
According to AdvIntel experts, the Achilles group is popular with the cybercrime community and boasts good reviews on hacker forums.
In a conversation with a potential buyer, the group announced that it had access to the internal networks of UNICEF, the information security companies Symantec and Comodo, the 3D software manufacturer Hash Inc and the Canadian travel agency Transat.
According to the sellers, access to the Symantec and Hash Inc networks is possible through a remote desktop connection.
At the request of journalists from BleepingComputer magazine, the Symantec press service provided the following response:
“Currently, Symantec has not recorded any evidence of network intrusion. We also believe that our customers have no cause for concern.”
The group did not provide any evidence that it actually has access to the internal networks of Transat, Symantec and Comodo. However, it seems that it still has access to UNICEF documents. For four thousand dollars, Achilles offers customers direct access to the organization’s network, which would allow them to steal 3.6 TB of data. As proof of their access to UNICEF, the cybercriminals provided relevant screenshots.