Hackers sometimes maintain secret access to servers without the knowledge of the targeted organisation. The access itself can be valuable for sale. Some groups specialise in gaining unauthorised access to servers and selling them to other groups specialised in carrying out operations inside the targeted organisations.
Selling access to organisations
Dark web marketplaces sell illegal drugs, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms and toxic chemicals.
Specialisation reduces the risk of getting caught. For example, groups specialised in gaining access to organisations sell remote access credentials on the dark web. After payment, they provide the details on how to remotely access the target organisation. Also, an insider (employee) in the company may sometimes sell access to company data or servers.
Common exposure types:
Credit card fraud
Exposed personal information leads to identity theft
Cyberharassment and attacking individuals
Exposed credentials
Disclosure of sensitive information and exposure enables phishing
Hacking discussions
Hacktivist groups targeting organisations
Selling access to organisations
Selling forgeries
Disinformation attacks