Prolific Hacker Made Millions Selling Network Access

A notorious Russian cyber-criminal made over $1.5m in just the past three years selling access to corporate networks around the world, according to a new report from Group-IB.

The study profiles the work of “Fxmsp” on underground forums where he published his first ad selling access to business networks in 2017.

Over the following years he would compromise banks, hotels, utilities, retailers, tech companies and organizations in many more verticals.

In just three years he claimed to have compromised over 130 targets in 44 countries, including four Fortune 500 firms. Some 9% of his victims were governments.

Group-IB calculated the $1.5m figure purely from publicized sales, although 20% of those Fxmsp compromised were made through private sales, meaning the hacker’s trawl is likely to be even bigger.

Fxmsp even hired a sales manager in early 2018.

He leapt to infamy in 2019 after a widely publicized compromise of the networks of three anti-virus vendors, before apparently going quiet.

According to the report, Fxmps’s tactics were disconcertingly simple. The hacker would scan IP addresses for open RDP ports, especially 3389, brute force the RDP password, disable any AV and firewall and then create additional accounts.

Next, he would install the Meterpreter backdoor on exposed servers, harvest and decrypt dumps from all accounts and then install backdoors on the backups. This meant if a victim spotted something suspicious and rolled back to backups, Fxmsp could achieve persistence.

“Fxmsp is one of the most prolific sellers of access to corporate networks in the history of the Russian-speaking cyber-criminal underground. He set a trend and his ..

Support the originator by clicking the read the rest link below.