9 July 2020

US charges Fxmsp hacker for selling access to corporate networks



The US Department of Justice has unsealed an indictment charging a 37-year-old Kazakhstani citizen with crimes related to a financially motivated cyber criminal ring that conducted attacks against corporate entities, educational institutions, and governments across the globe.

The accused man, Andrey Turchin, also known as "fxmsp", allegedly worked together with other members of a cybercriminal group to plant backdoors on compromised networks to establish persistent access, which they then sold to other malicious actors.

According to the DoJ, since October 2017, Turchin and his accomplices targeted hundreds of organizations across six continents, including more than 30 in the United States.

To compromise target networks, Fxmsp often used specially designed tools to scan the Internet for open Remote Desktop Protocol (RDP) ports and gained access to victims’ systems via brute-force attacks, the DoJ alleges. Once inside the network, the accused leveraged various hacking tools to steal administrative credentials and establish persistent access. Oftentimes, the attackers modified antivirus software to evade detection.

Turchin sold the network access on various underground forums, such as Exploit.in, fuckav.ru, Club2Card, Altenen, Blackhacker, Omerta, Sniff3r, and L33t. The asking prices varied from a couple thousand dollars to, in some cases, over a hundred thousand dollars, depending on the victim and the degree of system access and controls.

“Many transactions occurred through use of a broker and escrow, which allowed interested buyers to sample the network access for a limited period to test the quality and reliability of the illicit access. As has been publicly reported, the “fxmsp” group has been linked to numerous high-profile data breaches, ransomware attacks, and other cyber intrusions,” the DoJ said.

Turchin faces five criminal counts, including conspiracy to commit computer hacking, computer fraud and abuse, conspiracy to commit wire fraud, and access device fraud. The most serious charge, conspiracy to commit wire fraud, carries a sentence of up to 20 years.
