C-Suite Emails Compromised, Data Up for Sale on Dark Web

An unknown hacker is selling Microsoft and Office 365 email account credentials of hundreds of C-level executives on an underground forum.

There’s no shortage of cybersecurity incidents, as is evident this year. Now, an anonymous hacker is reportedly selling Microsoft and Office 365 account data of hundreds of top executives in leadership roles from countries worldwide.

This data includes credentials (usernames and passwords) of executives such as the company president, vice president, chief operating officer (COO), chief financial officer, chief technology officer (CTO), chief marketing officer (CMO), and even the chief executive officer (CEO).

The data is being sold on an underground forum exploit.in, as discovered by ZDNet. Since exploit.in is off-limits to the general public, ZDNet confirmed the legitimacy of the account credentials with the help of an anonymous source from the cybersecurity community.

The source obtained credentials of two accounts — one of them being the CEO of a medium-sized software company based in the U.S. and the other a CFO of a European retail store chain. According to the source, hundreds of other user credentials are put up for sale, each with a price tag hovering between $100 to $1500 per user account.

The seller refused to divulge how they got the data, but it is widely speculated that AzorUlt trojan was used. AzorUlt is used to obtain information from infected computers, called Azor logs. Cyber threat intelligence company KELA told ZDNet that the same malicious actor had previously shown interest in procuring these Azor logs.

The executives whose accounts have been compromised could also find themselves a target of business email compromise (BEC) attacks. In 2019, the FBI received 23,775 BEC attack complaints, which resulted in losses of more than $1.7 billion, totaling half of the total cyber crime-related losses in the year. Later, between April and May 2020 BEC attacks increased 200%, making it one of the most preferred and successful cyber fraud methods.

BEC is also the #1 source of payment fraud attempts on U.S-based organizations in 2019, wherein 75% of organizations were the targets of such attacks. Besides BEC attacks, credentials on sale also expose the account and the sensitive company information to external malicious actors and competitors.