Student Brokers Access to Compromised Government and University Websites to Chinese Threat Actors

A student has been selling access to already compromised government and university websites to Chinese threat actors for a few hundred dollars per site. The targeted institutions span the US and Europe, with attackers exploiting unpatched vulnerabilities, particularly in content management systems like WordPress. This incident underscores the critical importance of timely patch management, as the initial breaches went unnoticed or unaddressed, allowing for subsequent exploitation. The compromised sites pose risks of unauthorized access to sensitive data and could be repurposed for phishing campaigns or malware distribution. This case highlights the commodification of access to compromised systems and the cascading risks of unpatched vulnerabilities. Organizations must prioritize vulnerability management and continuous monitoring to detect and respond to breaches promptly. The involvement of a student as a broker also underscores the evolving threat landscape, where individuals with varying motivations can facilitate cybercriminal activities.