This alert was raised following the sale of RDP access to the networks of various European and American organizations by Jacksparrow, a member of the top-level Ramp forums.
The package offered by the attacker includes RDP access with administrator privileges to a Colombian company that has not yet been identified, with a claimed annual income of $900,000,000 USD. According to the attacker, the compromised network contains at least 170 IP addresses.
Other compromised accesses offered for large industries cover the networks of 2 organizations in the United States, 1 in the United Kingdom, 1 in Belgium, and 1 in France, all with local user privileges and $5,000,000 USD in annual revenue. The attacker claims to offer each of these accesses for between $100 and $500 USD.
For other lines of business, the attacker says that it has RDP access to the networks of a renowned university that also has annual revenues of up to $5 MM USD. The threat actor reports that the corporate database contains at least 200 GB of files, documents, tickets, invoices, and emails from administrators of each corporation. Although the network is protected with Webroot software acting as antivirus, the threat actor declared that the accesses were obtained through brute force.
The analysis of this threat finds low credibility for Jacksparrow. This user registered his account in May 2022 and has written only 8 threads and posts in the Ramp forums. Few sales were found for this account, and only 1 endorsement in the forum, which would indicate an account without a reliable history.