We previously reported on threat actors breaching systems tied to Nigeria’s banking sector, including the Chartered Institute of Bankers of Nigeria (CIBN). New posts on dark web forums suggest the situation has escalated, with multiple actors now advertising admin-level access to CIBN’s infrastructure.
One post by a user named httpd offers a free web shell on portal.cibng.org, along with SSH logs granting full admin privileges, claiming they can disable the site at will to prove access. Another listing by Karma is even more alarming: they are selling RDP access to CIBN servers running Windows Server 2019, located in France, for $330, noting that the system contains details on numerous Nigerian bankers.
Screenshots from the server manager interface were included as evidence, showing the system’s configuration. This suggests attackers are moving from simple leaks of member data to actively monetizing deep administrative access, posing serious risks to sensitive financial records, internal documents, and even banking operations.
Read our previous coverage on this unfolding threat: