Hackers are fond of hijacking email accounts, and one of them may have obtained a motherlode of potential targets. ZDNet and Gizmodo report that a hacker is selling claimed access to “hundreds” of C-suite executives’ Microsoft-based email accounts, including CEOs, vice presidents and directors. The targets include the chief of a mid-sized American software company, the president of a US apparel maker and the CFO of a European retail chain.
The accounts are on the market in a limited-access Russian underground forum and sell for $100 to $1,500 each depending on the value. Threat intelligence firm KELA noted the hacker might have obtained the account logins by buying data from computers infected with a data-stealing AzorUlt trojan.
A source for ZDNet claimed to have confirmed authenticity of two accounts, although it’s not certain if that holds for every victim. That same tipster is also notifying companies whose information is known to have leaked.
If the login theft is as successful as it seems, it could hurt both the executives and their workers. This could be used for relatively common scams that fool rank-and-file staff into sending money to hackers posing as company leaders. The accounts might also help with blackmail and extortion campaigns. Intruders could even crack other accounts by using the access to defeat email-based two-factor authentication. To put it another way, the damage could extend well beyond the leaders themselves.