A Telegram channel known for trading illicit digital goods is reportedly selling Web Host Manager (WHM) account details.
These accounts, which are crucial for managing web hosting services, are allegedly being sold for various domains, including 29 Italian “.IT” domains.
The accounts are said to have two-factor authentication (2FA) enabled, raising alarms about the security measures in place.
Details of the Sale
According to reports from ThreatMon, the Telegram channel in question has gained notoriety for its involvement in trading shells and webshells—tools often used by hackers to gain unauthorized access to web servers.
Now, it appears that the channel has expanded its operations to include the sale of WHM accounts.
This move poses a significant threat to the security of affected domains, as WHM accounts provide administrative access to web hosting environments.
Among the 29 Italian domains reportedly compromised are:
These domains represent a variety of businesses and services, highlighting the indiscriminate nature of the attack.
Implications for Cybersecurity
The sale of WHM accounts with 2FA enabled is particularly alarming as it suggests that even enhanced security measures may not be sufficient to deter cybercriminals.
This incident underscores the importance of maintaining robust cybersecurity protocols and staying vigilant against potential threats.
The compromised accounts could be used for a range of malicious activities, including data theft, website defacement, and further distribution of malware.
Cybersecurity experts advise administrators of affected domains to conduct thorough security audits and consider changing all access credentials immediately.
It is also recommended that businesses implement additional security measures such as regular monitoring of suspicious activities and educating employees about phishing attacks.
Call to Action
As the situation unfolds, cybersecurity professionals urge all stakeholders to remain vigilant and report any suspicious activities related to their web hosting accounts.
The broader community is encouraged to share information about potential threats and collaborate on strategies to mitigate risks.