Redazione RHC : 22 August 2025 08:12
A recent post on an underground forum has attracted the attention of cybersecurity experts. A user claimed to have sold administrative access to Roche, a pharmaceutical giant with over 100,000 employees and revenues of approximately $69.7 billion.
The message, accompanied by the company logo and links to public information sites, was presented as a sort of “trophy” shared within the criminal community. It’s likely the intent was to gain credibility with other users and attract potential buyers interested in high-value access.
Disclaimer: This report includes screenshots and/or text from publicly available sources. The information provided is for threat intelligence and cybersecurity risk awareness purposes only. Red Hot Cyber condemns any unauthorized access, improper dissemination, or illicit use of this data. At this time, it is not possible to independently verify the authenticity of the information reported, as the organization involved has not yet released an official statement on its website. Accordingly, this article should be considered for informational and intelligence purposes only.
Underground forums have been a hub for the digital black market for years. In these spaces, hidden on the dark web and protected by anonymity systems, stolen credentials, malware, phishing services, and access to corporate networks are exchanged.
Posting an announcement like the one related to Roche fits into a well-known dynamic: flaunting a “conquest” to bolster one’s personal reputation.
However, it’s likely that not all of these announcements correspond to an actual intrusion. In the world of underground forums, the line between reality and propaganda is often blurred. Sometimes criminals publish partial or even false information to attract buyers. In other cases, access is sold multiple times to different parties, creating further risks for victims and fueling a vicious cycle that mixes truth and lies. This makes it extremely difficult to verify the validity of claims without thorough investigations.
In recent years, several similar platforms have been shut down thanks to coordinated operations by international authorities. RaidForums, BreachForums, and Darkode have been dismantled, and many users have ended up under investigation precisely because of their own posts. It is therefore likely that overly dramatic statements, such as the one related to Roche, could attract the unwanted attention of investigators and cyber intelligence analysts, turning into a dangerous own goal for those seeking criminal notoriety.
The underlying fact remains clear, however: the phenomenon of underground forums continues to grow. According to recent estimates, 2024 saw a significant increase in data shared on these spaces, with billions of compromised credentials put up for sale. It’s likely that, in such a scenario, posts like the one appearing in the name of Roche aren’t isolated cases, but part of a criminal marketing strategy that feeds on hype, prestige, and fear.
Redazione