


Prolific Hacker Made Millions Selling Network Access

A notorious Russian cyber-criminal made over $1.5m in just the past three years selling access to corporate networks around the world, according to a new report from Group-IB. The study profiles the work of “Fxmsp” on underground forums where he published his first ad selling access to business networks in 2017.

Over the following years he would compromise banks, hotels, utilities, retailers, tech companies and organizations in many more verticals. In just three years he claimed to have compromised over 130 targets in 44 countries, including four Fortune 500 firms. Some 9% of his victims were governments.



Group-IB calculated the $1.5m figure purely from publicized sales, although access to 20% of the companies Fxmsp compromised was sold through private sales, meaning the hacker’s haul is likely to be even bigger. Fxmsp even hired a sales manager in early 2018.



He leapt to infamy in 2019 after a widely publicized compromise of the networks of three anti-virus vendors, before apparently going quiet. According to the report, Fxmsp’s tactics were disconcertingly simple. The hacker would scan IP addresses for open RDP ports, especially 3389, brute-force the RDP password, disable any AV and firewall and then create additional accounts.



Next, he would install the Meterpreter backdoor on exposed servers, harvest and decrypt dumps from all accounts and then install backdoors on the backups. This meant if a victim spotted something suspicious and rolled back to backups, Fxmsp could achieve persistence.
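For defenders, the first stages of that chain (a burst of failed RDP logons, a success from the same address, then a new local account) leave a recognisable trail in the Windows Security log. The sketch below is an added example, not taken from the Group-IB report or this article; it assumes events have already been parsed into dictionaries with the hypothetical keys shown, and the thresholds and sample records are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Windows Security log event IDs: 4625 failed logon, 4624 successful logon,
# 4720 user account created. LogonType 10 is RemoteInteractive (RDP); with
# Network Level Authentication, failed RDP attempts are logged as type 3.
FAILED, SUCCESS, ACCOUNT_CREATED = 4625, 4624, 4720
RDP_LOGON_TYPES = {3, 10}

def find_rdp_takeovers(events, min_failures=5, window=timedelta(minutes=10),
                       follow_up=timedelta(hours=1)):
    """Flag successful RDP logons that follow a burst of failures from the
    same source IP, and list accounts the logged-on user then created."""
    failures = defaultdict(list)   # src_ip -> timestamps of failed logons
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["id"] == FAILED and ev["logon_type"] in RDP_LOGON_TYPES:
            failures[ev["src_ip"]].append(ev["time"])
        elif ev["id"] == SUCCESS and ev["logon_type"] in RDP_LOGON_TYPES:
            recent = [t for t in failures[ev["src_ip"]] if ev["time"] - t <= window]
            if len(recent) >= min_failures:
                findings.append({"src_ip": ev["src_ip"], "user": ev["user"],
                                 "failures": len(recent), "logon_time": ev["time"],
                                 "new_accounts": []})
        elif ev["id"] == ACCOUNT_CREATED:
            # 4720 has no source IP: tie it to a flagged session through the
            # creating user and the time elapsed since that logon.
            for f in findings:
                if f["user"] == ev["user"] and ev["time"] - f["logon_time"] <= follow_up:
                    f["new_accounts"].append(ev["new_account"])
    return findings

# Constructed sample events (documentation IP ranges, invented account names).
T0 = datetime(2020, 1, 1, 3, 0, 0)

def _ev(offset_s, event_id, **fields):
    return {"time": T0 + timedelta(seconds=offset_s), "id": event_id, **fields}

SAMPLE_EVENTS = (
    [_ev(i * 2, FAILED, src_ip="203.0.113.7", user="administrator", logon_type=3)
     for i in range(8)]
    + [_ev(20, SUCCESS, src_ip="203.0.113.7", user="administrator", logon_type=10),
       _ev(300, ACCOUNT_CREATED, user="administrator", new_account="svc_backup2"),
       # Benign contrast: one mistyped password, then a normal logon.
       _ev(400, FAILED, src_ip="198.51.100.20", user="jsmith", logon_type=10),
       _ev(430, SUCCESS, src_ip="198.51.100.20", user="jsmith", logon_type=10)]
)

if __name__ == "__main__":
    print(*find_rdp_takeovers(SAMPLE_EVENTS), sep="\n")
```

A finding with a non-empty `new_accounts` list is the higher-priority case, since it matches both the brute-force and the account-creation steps described above.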



“Fxmsp is one of the most prolific sellers of access to corporate networks in the history of the Russian-speaking cyber-criminal underground. He set a trend and his success inspired many others to follow suit: the number of sellers of access to corporate networks increased by 92% in H2 2019 vs H1 2017, when Fxmsp entered the market,” said Dmitry Volkov, CTO of Group-IB.



“Prior to Fxmsp joining the underground, the sellers would offer RDP access to separate servers, without even bothering to ensure persistence or performing reconnaissance in the network. Fxmsp took this service to a whole new level.”



In a recent report on the cybercrime underground, Trend Micro warned that access-as-a-service is becoming an increasingly popular offering on dark web sites. Prices for Fortune 500 companies can reach up to US$10,000, it claimed.
