Data leak marketplace pressures victims by emailing competitors

The Marketo data theft marketplace is applying maximum pressure on victims by emailing their competitors and offering sample packs of the stolen data.

Last month, BleepingComputer reported that cybercriminals started to create dedicated data-theft extortion marketplaces that exist solely to sell stolen data.

The data sold on these sites are obtained through the marketplace's own attacks, from other threat actors, or by collecting data released in other attacks, such as ransomware or website data breaches.

The stolen data is sold for as low as $100 to tens of thousands of dollars depending on the marketplace.

Under pressure

One of these marketplaces, known as Marketo, is now taking it a step further and emailing the victim's competitors to offer samples of the stolen data and entice them into purchasing it.

In April, Marketo claimed to have breached a large, heavy machinery and defense technology company and began selling their stolen data.

After we assume they could not find any buyers, Marketo started emailing the communication managers for the victim's competitors to offer a "demo pack" of the stolen data.

"Hello, we are Marketo and we know you have a competitor - [redacted]. So we would like to inform you that we attacked them and downloaded quite a bit of data," read the email shared with BleepingComputer.

"We have confidential and personal data, info about their tax payments, clients and partners. That might significantly lower the NASDAQ price."

It is not clear if Marketo were hoping competitors would purchase the data to learn corporate secrets or to pay to damage the reputation of their competitors.

The list of competitors that received this email includes multi-national billion-dollar companies whose names would be immediately recognizable to everyone.

Targeting victims' competitors to pressure a ransom payment or even encourage other companies to purchase stolen data is not new.

After the Clop ransomware gang went on a hacking spree targeting Accellion FTA secure file transfer devices to steal their hosted data, they also performed a similar tactic as Marketo.

After not receiving ransom payments from various victims, Clop began emailing competitors and journalists with information about the attacks to pressure the victim.

For one of these victims, Clop also emailed the company's customers and told them that their "phone, email, address, credit card information and social security number" would soon be leaked unless they "Call or write to this store and ask to protect your privacy!!!!"