Access to the investment bank’s internal systems is being offered for sale online. Has it been breached?
The broker claims to have access to 21,000 machines and 16 terabytes of data. They are selling it for 7.5 Bitcoin, worth approximately £110,000. Based in Frankfurt, the bank manages assets worth more than $1.3trn.
Is Deutsche Bank breached?
The broker, going by the username Ox_dump, announced on Telegram that they possess access to internal networks and machines at Deutsche Bank.
“We are selling another network access of a particular bank,” they said. “We have DA (direct access), domain has around 21 k machines configured mostly with Windows.”
The announcement has been posted alongside a picture of the Deutsche Bank headquarters in Frankfurt, with the Deutsche Bank icon layered over the picture.
The broker claims to be able to enter numerous Transmission Connection Protocols (TCPs) like User Datagram Protocol (UDP) as well as HTTP and HTTPS which allows them to access different parts of the network. Access to FTP, shells and servers are listed at the head of the announcement. The IAB also claims to have access to “file servers with more than 16 terabytes of internal data,” including office chat data.
If these claims are validated, such access could be devastating for the bank’s reputation as it comes on the coattails of another scandal. Last month, Deutsche Bank’s Frankfurt headquarters and the homes of ten current and former employees were raided by police as part of an investigation into the bank’s involvement in the so-called “cum-ex” scandal, which saw billions of euros of government funds being misappropriated.
Cologne prosecutors said that more than 114 police and tax inspectors took part in the raids which were undertaken “in the context with cum-tax deals and related tax fraud schemes”. Prosecutors also raided one of Deutsche Bank’s offices in 2017.
This week the company’s deputy chief security officer, Carsten Fischer, said many organisations are relying on luck – not skill – to fend off cyberattacks. “If you talk to CISOs who work with regular attacks from a nation-state and you ask them how they have detected them, you will figure out that it wasn’t the regular detection methods they were using,” Fischer said. “It was a bit of luck.”
Tech Monitor has approached Deutsche Bank for comment but had not received a response at the time of publication.
Is Ox_dump also selling data from the Medibank hack?
Ransomware researcher Dominic Alvieri has suggested that Ox_dump is the same broker who sold access to the systems of Medibank, the Australian health insurance provider which had 9.7m records of customers and staff stolen last month.
The broker’s site on Telegram marketplace Telemetrio also appears to suggest that Ox_dump was involved in providing access to millions of credentials belonging to customers at American Express, a leak that was announced last month.
Among Chinese language Mandarin script are the words, “credit card details, mostly from American Express users and those in the US 2022 Oct data,” states the ad. The allegedly stolen data has been on sale since last month.
https://techmonitor.ai/technology/cybersecurity/deutsche-bank-hack
https://techmonitor.ai/technology/cybersecurity/deutsche-bank-hack
