HQ/EMEAFind out how we can help your business
The notorious threat actor, Moxito, has caused alarm to various financial institutions after its recent alteration to its old database.
According to one of our iZOOlogic researchers, this hacker, operating under the moniker @resetmyname, has recently updated an old database for sale, which now includes Indian bank names.
Moxito revealed that the data set is a mobile number database.
According to our researchers, the recently updated Moxito database includes data format that ranges to ‘Country:City:Street:Postalcode,’ ‘First Name Last Name,’ ‘Phone number,’ ‘Bank name,’ ‘Visa/Mastercard’ and ‘GOLD/debit/standard,’ among others.
In addition, our investigation believes that most of the newly included details are Personal Identifiable Information (PII) data. Hence, the upgrades on this sold product could potentially compromise relevant parties to the affected banks, especially customers.
The sale of such sensitive information raises grave concerns regarding data privacy and cybersecurity, particularly in India, where the financial sector is rapidly digitising. The consequences of this breach could reach far beyond the digital realm, potentially exposing unsuspecting individuals to identity theft, financial fraud, and other malicious activities.
As of now, our researchers have spotted that the asking price of this threat actor in exchange for the database is $100 per 1,000-10,000 thousand lines and $200 for 20,000 lines. These prices could attract other malicious entities as such lines could substantially compromise India’s banking industry.
To make matters worse, one of our researchers noticed that the threat actor posted the updated database on a popular cybercriminal forum, expanding its scope to attract more potential buyers.
Furthermore, @resetmyname has also created its chat group to expedite negotiations with any willing buyer or answer queries about the legitimacy of the database.
These unprecedented actions from Moxito showed its status as a formidable adversary to different entities and cybersecurity. The hacker has become one of the most notable players in the cybercriminal world whose actions reverberate far beyond the confines of the digital realm.
Therefore, our researchers here in iZOOlogic advise potentially affected parties, especially Indian bank customers, to be more cautious with unsolicited communications as other threat actors that are looking to execute additional campaigns acquired the database.
