Deutsche Bank has denied its systems have been breached after access to the bank’s internal networks was apparently offered for sale on Telegram by an initial access broker (IAB).

Deutsche Bank may have been breached, as access appears to be for sale on Telegram. (Photo by nitpicker/Shutterstock)

Last week the broker claimed to have access to 21,000 machines and 16 terabytes of data. They are selling it for 7.5 Bitcoin, worth approximately £110,000.

Based in Frankfurt, the bank manages assets worth more than $1.3trn. But a Deutsche Bank spokesperson told Tech Monitor on Monday, November 14, the it does not believe it has been compromised. “Following the report implying a potential cyber breach, we conducted extensive analysis to assess potential relevance or impact to Deutsche Bank,” the spokesperson said. “Our assessment to date has shown no indication of compromise or breach. We continuously scan and monitor our technology environment to identify and detect threats, and maintain a robust incident response capability as part of our standard operating procedures.

“Maintaining the integrity and security of the data entrusted to us is as important to us as it is to our clients. We will continue to analyse and monitor the situation closely and provide updates if warranted.”

Deutsche Bank ‘breach’ details posted on Telegram.

The broker, going by the username Ox_dump, announced on Telegram that they possess access to internal networks and machines at Deutsche Bank.

“We are selling another network access of a particular bank,” they said. “We have DA (direct access), domain has around 21 k machines configured mostly with Windows.” 

The announcement has been posted alongside a picture of the Deutsche Bank headquarters in Frankfurt, with the Deutsche Bank icon layered over the picture. 

The broker claims to be able to enter numerous Transmission Connection Protocols (TCPs) like User Datagram Protocol (UDP) as well as HTTP and HTTPS which allows them to access different parts of the network. Access to FTP, shells and servers are listed at the head of the announcement. The IAB also claims to have access to “file servers with more than 16 terabytes of internal data,” including office chat data. 

The claims come after Deutsche Bank’s Frankfurt headquarters and the homes of ten current and former employees were raided by police last month as part of an investigation into the bank’s involvement in the so-called “cum-ex” scandal, which saw billions of euros of government funds being misappropriated.

Cologne prosecutors said that more than 114 police and tax inspectors took part in the raids which were undertaken “in the context with cum-tax deals and related tax fraud schemes”. Prosecutors also raided one of Deutsche Bank’s offices in 2017.

This week the company’s deputy chief security officer, Carsten Fischer, said many organisations are relying on luck – not skill – to fend off cyberattacks. “If you talk to CISOs who work with regular attacks from a nation-state and you ask them how they have detected them, you will figure out that it wasn’t the regular detection methods they were using,” Fischer said. “It was a bit of luck.”

Is Ox_dump also selling data from the Medibank hack?

Ransomware researcher Dominic Alvieri has suggested that Ox_dump is the same broker who sold access to the systems of Medibank, the Australian health insurance provider which had 9.7m records of customers and staff stolen last month.

The broker’s site on Telegram marketplace Telemetrio also appears to suggest that Ox_dump was involved in providing access to millions of credentials belonging to customers at American Express, a leak that was announced last month.

Among Chinese language Mandarin script are the words, “credit card details, mostly from American Express users and those in the US 2022 Oct data,” states the ad. The allegedly stolen data has been on sale since last month.

Read more: Cyberattacks ‘biggest risk’ to UK financial system – Bank of England