A team of Israeli cyber threat researchers has revealed that Russian hackers have put the Pakistan International Airlines’ (PIA) network access and database on sale on the cyber underground.
According to InfoSecurity, a leading magazine on information security, a team at the darknet threat intelligence firm KELA spotted a threat actor offering the domain admin access to the airline for $4,000. The offer is still live on two Russian and one English dark web forums that KELA had been monitoring.
Stationed in Tel Aviv, the firm tracks ransomware trends and identifies threats to international organizations and government setups.
KELA has not reported the incident to PIA due to the absence of diplomatic relations between the two countries and made it public through relevant mediums instead.
Speaking to the magazine on 9 November, a KELA spokesperson said that they have been tracking the threat actor who published the domain access for sale to PIA’s network last week.
A week later, the hackers also put all the databases in the airline’s network on sale. The cybercriminals posted a sample, which, according to them, carries ‘all the people’s information who use PIA, including names, last names, phone numbers, and passports’.
“The actor mentioned that what he is selling includes around fifteen databases, all with different amounts of record — some around 500,000 records and some around 60,000–50,000 records — but that all the records stored in their network are included,” the KELA spokesperson said.
KELA also revealed that the same threat actor has put thirty-eight databases up for sale at a cumulative price of at least $118,700 since July this year.
The threat researchers suspect that the hacker has more records that he offers in private chats.