
Pakistani Manufacturer Hit by Dark Web Sale of VPN and Admin Access

Last updated: December 3, 2025
  • Cybercriminals are selling complete access to a Pakistani manufacturing company’s network on the open web.

  • The package includes FortiVPN credentials, admin panel access, and domain administrator accounts for over 500 hosts.

  • The company allegedly has 500 to 1,000 workers and revenue of more than $480 million every year.


Imagine finding access to your entire corporate network for sale online. Not on some hidden dark web forum, but openly advertised like a software subscription. That’s exactly what happened to a Pakistani manufacturing company. A threat actor is bundling their VPN and domain admin access like it’s a SaaS package deal.

Cybersecurity Insights & Tips provider Arnav Sharma commented on X after seeing a post about the incident. His observation was striking: “Selling VPN plus domain admin like it is a SaaS bundle: one low price and your entire threat model goes to managed service.”

A Complete Network Compromise Package

The listing appeared on December 2, 2025, posted by a threat actor using the handle “Mark1777.” What makes this particularly alarming is the scope of access being offered. This isn’t just a stolen password or two. It’s a complete takeover kit.

The package includes FortiVPN credentials that allow remote access to the company’s network. It also provides access to the admin panel and domain administrator accounts. With domain admin access, an attacker can break into any system, take whatever data they want, and move through the network without raising alarms.

The target is a manufacturing company in Pakistan with substantial operations. According to the listing, the company has between 501 and 1,000 employees. The claimed annual revenue exceeds $480 million. The network includes over 500 hosts and at least five administrator accounts.

The company runs Kaspersky antivirus protection. But security software means nothing when attackers already have legitimate administrator credentials. They can simply walk right past it.

Global Organizations Targeted in Alleged Access Sale

This Pakistani manufacturer isn’t alone. A bad actor has reportedly published a major listing of network access credentials for a number of high-value entities across Asia, Europe, and the United States. This trend of corporate access being sold in bulk is not isolated, as seen in recent reports of dark web markets being flooded with logins from major UK companies. The ad, spotted on a cybercrime hub, promotes “remote entry” into entities in critical sectors, higher education, industrial machinery, and government.

The scale of the alleged victims is substantial. The post claims targets include a US-based industrial equipment firm with over $5 billion in revenue and a Malaysian government body with revenue exceeding $1 billion.

The bad actor is allegedly monetizing various kinds of “remote access.” These could give buyers an initial foothold for further attacks, such as data theft and ransomware. The price of this claimed access ranges from $500 to $60,000. The pricing seems correlated with the organization’s size and the level of administrative privilege offered.

The seller claims to be offering verified credentials for widely used corporate and government network access points. This indicates a potentially severe security breach for the involved entities.

The types of allegedly compromised access points for sale include:

  • Pulse Secure domain user access
  • RDweb domain user access
  • Cisco domain admin access
  • Global Protect domain user access
  • Cisco VPN user access

The casual nature of these listings is particularly concerning. Threat actors present stolen access like legitimate products, complete with details about company size, revenue, and existing security measures. They’re essentially providing sales pitches to potential buyers.

This incident highlights major problems that many entities face. Credential theft remains one of the top attack vectors on record. As such, firms must adopt multi-factor authentication across all of their administrative accounts. Regular security audits should confirm that access management is properly configured.

Organizations need to monitor for unusual VPN connections and administrator activity. Even users with valid credentials should go through further verification when accessing sensitive systems. Given how today’s threats have evolved, a single compromised credential can undo years of security investment.
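
One way to act on the monitoring advice above, as an added example (not from the article or from any vendor): a small detector that learns each account's usual source networks during a baseline window, then flags later successful VPN logins from an unseen network or from two different networks within 30 minutes. The log format, account names, and thresholds are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_network

# Constructed sample events in a simplified key=value format (not a vendor log format).
SAMPLE_LOG = """\
2025-11-24T08:02:11 user=a.khan src=203.0.113.14 result=success
2025-11-25T08:05:40 user=adm.ops src=198.51.100.7 result=success
2025-11-26T08:01:02 user=a.khan src=203.0.113.90 result=success
2025-12-02T08:03:00 user=adm.ops src=198.51.100.7 result=success
2025-12-02T08:20:00 user=adm.ops src=192.0.2.55 result=success
2025-12-02T09:00:00 user=a.khan src=203.0.113.20 result=success
2025-12-02T09:10:00 user=b.ali src=192.0.2.77 result=failure
"""
ADMIN_ACCOUNTS = {"adm.ops"}           # hypothetical privileged accounts
BASELINE_END = datetime(2025, 12, 1)   # events before this only train the baseline
SWITCH_WINDOW = timedelta(minutes=30)  # assumed threshold for overlapping use

def parse(line):
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["user"], kv["src"], kv["result"]

def net24(ip):
    # Group sources by /24 so normal address churn within one ISP range is tolerated.
    return str(ip_network(f"{ip}/24", strict=False))

def detect(log_text, baseline_end=BASELINE_END):
    known, last, alerts = {}, {}, []  # user -> networks; user -> (time, network)
    for line in log_text.strip().splitlines():
        ts, user, src, result = parse(line)
        if result != "success":
            continue  # valid-credential logins are the concern here
        net = net24(src)
        if ts < baseline_end:
            known.setdefault(user, set()).add(net)  # learn only during baseline
        else:
            severity = "high" if user in ADMIN_ACCOUNTS else "medium"
            if net not in known.get(user, set()):
                alerts.append((severity, "new-source-network", user, src))
            prev = last.get(user)
            if prev and prev[1] != net and ts - prev[0] <= SWITCH_WINDOW:
                alerts.append((severity, "network-switch", user, src))
        last[user] = (ts, net)
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

Because networks are learned only during the baseline window, a buyer's source address never becomes "known" by logging in repeatedly; legitimate new locations need to be added through a reviewed process.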


About the Author

Joahn G

Cyber Threat Journalist

Joahn is a cyber threat journalist dedicated to tracking the evolving landscape of digital risks. His reporting focuses on ransomware gangs, data breach incidents, and state-sponsored cyber operations. By analyzing threat actor motives and tactics, he provides timely intelligence that helps readers understand and anticipate the security challenges of tomorrow.
