May 16, 2024

Researchers reveal hacker identity Fxmsp

06/23/2020

Lena Dzhess


Group-IB specialists have revealed the alleged identity of the Russian-speaking hacker Fxmsp, who for three years sold access to the corporate networks of international companies on the darknet. This is stated in the analytical report “Fxmsp: the invisible god of the network.”

Together with his accomplice, known by the nickname Lampeduza, who took over the advertising and support of all transactions, the hacker compromised about 135 companies in 44 countries from October 2017 to September 2019. Four of the companies attacked by Fxmsp are in the 2019 Fortune Global 500 ranking. According to minimum estimates, the attacker's profit was $1.5 million.


The hacker's first activity was recorded in 2017. He started by installing hidden miners for the Monero cryptocurrency on his victims' servers, and then switched to hacking corporate networks.


Fxmsp carried out all stages of the attacks himself, including scanning IP ranges for the open RDP port 3389 used for remote desktop, brute force, establishing persistence in the network, and installing backdoors.

“In the second half of 2017, in the “elite” niche of sales of access to corporate networks, Fxmsp was the most prominent player and the absolute leader in the number of lots,” says Group-IB.

Fxmsp was most active in 2018, after which the niche stayed empty for some time; from the beginning of 2019, the cybercriminal had followers. According to Group-IB, since the beginning of 2020, more than 40 cybercriminals have been using Fxmsp techniques.

Having analyzed the hacker's email addresses, his accounts in Jabber, Skype and underground forums, as well as related domains, Group-IB experts concluded that a resident of Kazakhstan, Andrei T., is allegedly behind the nickname Fxmsp.

“This is confirmed by the use of the same pseudonyms, as well as common interests associated with exchange platforms,” the report says.

We add that the name Andrei surfaced in May 2019 in connection with a discussion of a hacker attack on three leading US antivirus companies.

Group-IB experts did not rule out that the hacker may still be hacking networks. The materials of the report were submitted to international law enforcement agencies to identify Fxmsp.

Earlier, Group-IB reported that in 2019 the number of ransomware attacks increased by 40% compared to the previous year, and the ransom sizes during this period increased from $8,000 to $84,000.