A regular user of underground forums and illicit online marketplaces with a track record of selling stolen credentials that can be used to access government, university and corporate networks is attempting to sell access to systems belonging to a large city in Arizona, the cybersecurity intelligence firm GroupSense told StateScoop.
The user, who is believed to be based in either Russia or Ukraine, wants $30,000 for access to a VPN portal hosted on the city’s .gov domain, which would grant access to local internal network resources and enable the buyer to carry out spearphishing efforts to lay groundwork for ransomware or another type of cyberattack against a range of government departments, including those that deal with public safety or critical infrastructure.