Underground Radar: Possible Compromise of MySQL.com and its Subdomains

         We recently found an interesting post in a Russian underground forum in the course of our research. People exchange information about their illegal activities in these kinds of forums. We found a user in the forum with the handle ‘sourcec0de‘ and ICQ number ’291149′ who is currently offering root access to some of the cluster servers of mysql.com and its subdomains.
          The screenshot above shows that the seller appears to have a shell console window with root access to these servers. The price for each access starts at $3,000 USD, with the exchange of money/access being provided by the well known garant/escrow system, whereby a trusted third party verifies both sides of the transaction.

          In our previous underground research, we have also seen the user ‘sourcec0de’ selling stolen PayPal accounts and discussing the management of botnet command and control servers. We contacted MySQL.com about this issue last week. We are making this public to stress the fact that hackers do not only profit from selling stolen data or by inserting bad links into spammed or phishing messages, websites and other possible infection vectors.

          In this case, whether sourcec0de‘s claim is true or not, it shows how cybercriminals are so brazen as to sell admin access to specific systems, which could be negatively impacted by their break-ins.

Posted in: Hacking news