- Known as ‘Achilles’, the threat actor boasts of having access to internal networks of UNICEF and antivirus firms Comodo Group and Symantec.
- Access to these networks was offered at prices ranging from $2000 to $5000.
A threat actor who goes by the online name ‘Achilles’ has claimed to have access to internal computer networks belonging to major organizations. Security firm AdvIntel, which outlined the activities of Achilles, said that the attacker had access to networks of UNICEF and many other high-profile corporations. The firm also suggested that the actor targeted private sector entities as well as public domains, government-affiliated companies, and international organizations.
Achilles is reported to be English-speaking and was active on online underground hacking forums.
The big picture
- According to AdvIntel, on May 4, 2019, Achilles said that it could provide access to corporate networks, including those of UNICEF, hash[.]com and other undisclosed organizations.
- The actor also mentioned that the UNICEF breach, priced at $4000, could provide 4TB of data. The price was eventually reduced to $2000.
- On May 15, 2019, Achilles claimed to have access to networks belonging to Transat, Comodo Group, and Symantec. It also claimed that Transat was breached sometime between May 12 and May 13.
- However, the actor did not provide any evidence to AdvIntel to prove this claim.
Regarding the methods used by Achilles, AdvIntel believed that the actor extensively relied on RDP and VPN.
“Usually Achilles utilizes living-off-the-land (LotL) tactics: the actor prefers to avoid using external malware kits. Instead, they either compromise a Remote Desktop Protocol (RDP) or leverage stolen credentials to establish stable and secure external Virtual Private Network (VPN) access into the victim's network,” explained AdvIntel.