-
A dark web user is allegedly selling high-level VPN and firewall access to a U.S. operating, Indian-founded company.
-
A separate listing offers unauthorized access to an Italian airport system for as low as $100 in cryptocurrency.
-
Similarities in seller profiles have sparked speculation of a possible link between the two incidents.
Cybersecurity concerns are mounting following reports that a member of a dark web forum is allegedly selling “privileged access” to the internal systems of an Indian-founded company with operations in the United States. The listing claims to offer “super admin” level access to the company’s VPN and firewall infrastructure.
Corporate Network Access Put Up for Sale
According to reports, the targeted company generates less than $5 million in revenue and operates an Active Directory-based network supported by more than five Windows servers. The access, if genuine, would grant a buyer extensive control over the organization’s internal systems, potentially allowing them to monitor communications, extract sensitive data, deploy malware, or disrupt operations entirely.
The seller priced this access at $300, a relatively low figure considering the level of control brandished. Cybersecurity experts note that such pricing may indicate either urgency to sell, lack of awareness of the asset’s true value, or a strategy to attract multiple buyers quickly.
Regardless, the implications remain serious, as even small to mid-sized companies often hold valuable client data, financial records, and proprietary information.
Airport System Access Also Allegedly Compromised
In a separate but equally concerning development, another dark web listing claims to offer unauthorized access to the systems of a medium-sized international airport in Italy. Reports say the airport can handle 800,000+ passengers annually, making it a critical infrastructure asset with significant operational importance.
Selling such access seems like either a web shell or a reverse shell with root privileges. Such access would allow a cybercriminal to execute commands remotely, manipulate systems, and potentially interfere with airport operations. This could include anything from disrupting internal communications to tampering with critical systems, depending on the level of network segmentation and security controls in place.
Even more alarming is the price point: the seller is reportedly offering this access for just $100, payable in cryptocurrencies such as Bitcoin or Monero. The low cost lowers the barrier to entry for cybercriminals and increases the likelihood that they can quickly purchase and exploit such access.
While there is no confirmed evidence that the airport systems have been actively misused, the mere existence of such a listing raises serious questions about cybersecurity preparedness within critical infrastructure sectors. Airports, in particular, are high-value targets due to their role in transportation, logistics, and national security.
Speculation Over Possible Link Between Sellers
Adding another layer of intrigue to these incidents, some speculate that the same individual may have posted both listings. Observers noted that the avatars or profile pictures associated with the two sellers appear similar, though the platform redacted their usernames, making it difficult to confirm any direct connection.
If the same actor is indeed responsible, it could suggest a broader operation targeting multiple sectors, ranging from private companies to critical infrastructure. However, without concrete evidence, cybersecurity analysts caution against drawing definitive conclusions.
These incidents underscore how dark web marketplaces continue to pose persistent and evolving threats, where actors routinely buy and sell stolen or unauthorized access. They also highlight the need for organizations to adopt stronger cybersecurity measures, including regular system audits, secure configuration of network assets, and continuous monitoring for unusual activity.
As cybercriminals continue to exploit vulnerabilities and monetize access, proactive defense strategies remain essential. The Italian spyware scandal, where a journalist’s phone was hacked, serves as a reminder that individuals must also take precautions, as even personal devices can be targeted by sophisticated attackers seeking to compromise sensitive communications.
