Threat actor, Dark_Alpha has surfaced on a dark web forum advertising an alleged unauthorized access to the internal network and databases of a Moroccan telecommunications company. The offer includes full network visibility, customer information, and administrative access tools, suggesting a high-risk exposure of the organization’s infrastructure.
According to the post, the access is being sold for $6,000, with the actor accepting private contact via Tox and direct messages. The listing details multiple entry vectors and data points, including:
- Access Type: FortiOS VPN, SolarWinds, SSH, and RDP
- Network Assets: Full network and database access, including customer and site lists
- Monitoring Tools: Network and extranet dashboards for Orange Maroc
- Available Data: Node topology, performance metrics, timestamps of last events, and full customer inventory
- Additional Insight: Topology and dependency mapping showing a hierarchical model (customer → sites → devices)
The actor claims to provide “inside network details with full information,” indicating the compromise may extend beyond basic credentials to include privileged or administrative access within network monitoring environments.
CyHawk Africa’s Analysis
The sale of internal access to a telecommunications provider represents a significant national security concern, given the potential to disrupt communication networks, intercept data, or conduct surveillance operations.
The inclusion of SolarWinds and FortiOS VPN in the listing further implies exploitation of known administrative tools, which could allow full control of connected systems and customer data.
The Orange Maroc reference may also suggest targeting of infrastructure connected to or operated by Morocco’s leading telecom network, underscoring the persistent targeting of critical national infrastructure in the region.
Disclaimer: This report is based on open-source intelligence (OSINT) and dark web monitoring. CyHawk Africa has not independently verified the authenticity of the claimed data. The report is intended solely for cybersecurity awareness and threat intelligence purposes.