‼️🇺🇸 A well-known initial access broker is selling root-level remote code execution access to a...

An initial access broker is actively selling root-level RCE access to a compromised firewall at a major US aerospace and defense contractor ($20B+ valuation). The $1,000 price point indicates commodity-level access, suggesting multiple buyers may already have control. This represents a direct compromise of critical infrastructure, with immediate risk of lateral movement into defense supply chain networks.

CRITICAL | Advisory | Apr 08, 2026
Action required
Immediately hunt for indicators of compromise on all firewall management interfaces, VPNs, and network edge devices. Prioritize: review firewall logs for suspicious admin access, check for persistence mechanisms, audit all outbound connections from perimeter devices, and assume lateral movement has occurred until proven otherwise.