Notorious Russian hacker “Fxmsp” made over $1.5m in three years selling access to hacked corporate networks around the world
This is one way of making easy money. Security researchers from Group-IB have identified a Russian hacker who operated under the handle “Fxmsp” on underground marketplaces and hacker forums. Group-IB researchers found that this Russian hacker not only hacked into business networks but also made a great deal of money in the process.
“Fxmsp” posted his first ad selling access to hacked business networks on underground forums in 2017. Since then, Group-IB says, he has been selling access to the networks of banks, hotels, utilities, retailers, tech companies, and organizations in many more verticals. Group-IB claims that in three years, “Fxmsp” hacked into nearly 130 businesses in 44 countries, including four Fortune 500 firms. Some 9% of his victims were governments.
“Fxmsp” made huge profits from the sale of hacked business networks. Group-IB estimates he made $1.5 million, based on the prices he advertised when selling the hacked networks on hacker forums. The actual figure may be in the range of $2 to $2.5 million.
Such was “Fxmsp’s” success that in early 2018 he had to hire a sales manager to keep track of his ill-gotten trove. In 2019, he advertised network access to three anti-virus companies: McAfee, Symantec, and Trend Micro. But Group-IB says that after that he went absolutely quiet.
Fxmsp would scan IP addresses for open RDP ports, especially 3389, brute force the RDP password, disable any AV and firewall, and then create additional accounts. He would then install the Meterpreter backdoor on exposed servers.
Once he had access to the data, he would compile decrypted dumps for sale on dark web hacker forums. He would also install the Meterpreter backdoor on the backups on the server. This ensured that if the hacked company rolled back to the backup, Fxmsp would still have access to the webserver.
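For defenders, the sequence described above (a burst of failed RDP logons, a successful logon from the same address, then a new account) leaves a recognisable trail in the Windows Security log. The following is an added example, not code from Group-IB or the original article; it correlates event IDs 4625, 4624 and 4720 over constructed sample events, and the `Event` field names, thresholds, IP addresses and account names are assumptions made for illustration.

```python
from collections import defaultdict, deque, namedtuple
from datetime import datetime, timedelta

# Windows Security log event IDs: failed logon, successful logon, user account created
FAILED, SUCCESS, ACCOUNT_CREATED = 4625, 4624, 4720
# Logon type 10 is RemoteInteractive (RDP); with NLA, failures are often logged as type 3
RDP_LOGON_TYPES = {3, 10}

# Hypothetical normalised record; "user" is the actor, "new_account" the account created
Event = namedtuple("Event", "time event_id src_ip user logon_type new_account")

def sample_events():
    """Constructed events: one brute-forced session and one benign user typo."""
    t0 = datetime(2020, 1, 1, 3, 0, 0)
    ev = [Event(t0 + timedelta(seconds=2 * i), FAILED, "203.0.113.7", "administrator", 3, None)
          for i in range(25)]
    ev += [
        Event(t0 + timedelta(seconds=60), SUCCESS, "203.0.113.7", "administrator", 10, None),
        Event(t0 + timedelta(seconds=180), ACCOUNT_CREATED, None, "administrator", None, "support1"),
        Event(t0 + timedelta(seconds=300), FAILED, "198.51.100.20", "alice", 10, None),
        Event(t0 + timedelta(seconds=310), SUCCESS, "198.51.100.20", "alice", 10, None),
    ]
    return sorted(ev, key=lambda e: e.time)

def detect(events, threshold=10, window=timedelta(minutes=5), follow=timedelta(minutes=30)):
    """Flag RDP logons that follow a burst of failures, and accounts created soon after."""
    failures = defaultdict(deque)  # source IP -> timestamps of recent failed logons
    suspect = {}                   # user -> (source IP, logon time) of flagged sessions
    alerts = []
    for e in events:               # events must be in time order
        if e.event_id in (FAILED, SUCCESS) and e.logon_type in RDP_LOGON_TYPES:
            recent = failures[e.src_ip]
            while recent and e.time - recent[0] > window:
                recent.popleft()   # expire failures outside the sliding window
            if e.event_id == FAILED:
                recent.append(e.time)
            elif len(recent) >= threshold:
                suspect[e.user] = (e.src_ip, e.time)
                alerts.append(("bruteforce_success", e.src_ip, e.user))
        elif e.event_id == ACCOUNT_CREATED and e.user in suspect:
            src_ip, logon_time = suspect[e.user]
            if e.time - logon_time <= follow:
                alerts.append(("account_created_after_bruteforce", src_ip, e.new_account))
    return alerts

if __name__ == "__main__":
    for alert in detect(sample_events()):
        print(alert)
```

The single failed attempt followed by a success from `198.51.100.20` stays below the threshold and raises no alert, which is the false-positive case the sliding window is there to avoid.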