- A seller is claiming to have access to tens of VPN accounts belonging to Banco del Estado de Chile.
- The same hacker is selling other packs of data from South American companies, but no samples are provided.
- Other victims include American Express, Deloitte, Telefonica, and Eleven Paths.
An initial access seller has posted a new listing on a popular hacking forum offering a way into Banco del Estado de Chile, the only public bank in the South American country and obviously one of the most important financial institutions in it. The data is characterized as “fresh,” meaning it hasn’t been previously used or exploited, and the price was set to 1 BTC - which is around $49,850 today.
The listing offers access to 118 VPN accounts, 3 SSH, 2 shells to console “Empresas_xxx,” and 2 GB of email content. The seller has not posted a sample or any screenshots to prove the validity of the listing, so this may very well be a scam.
However, the same user has recently posted data from American Express in Argentina (4 BTC), data from Deloitte Peru (1.5 BTC), and 3 TB of data taken from Eleven Paths and Telefonica in Chile, sold for 10 BTC. In the last listing, the seller claimed that those who want proof could simply ask the firms themselves, implying that Telefonica already knows about this. Responding to user requests for samples, the seller stated that giving away data samples will help the firms secure their systems, so the listing will be rendered worthless.
The only thing that we were able to find in there are some (supposed) email samples and lists that look like ticketing system dumps. All in all, TechNadu cannot confirm the validity of the data, but the chances are high that the seller really has a way to break into all these networks. Also, the seller has clarified that none of the data was acquired through ransomware attacks but instead was stolen directly via legitimate VPN access.
BancoEstado hasn’t made any announcements either on the site or on social media, so nothing appears out of the ordinary. Back in September 2020, the same financial institute fell victim to the REvil ransomware gang. Still, all the bank operations (ATM network, online banking portal, mobile apps) remained unaffected by the attack. Eventually, REvil released samples of the stolen data, and the bank admitted the incident.
We have reached out to BancoEstado and we will update this post with their comment as soon as we have something.