‘Invisible God’ Amassed Millions Selling Corporate Data

Published at: June 24, 2020

A new report shows that a Kazakhstani hacker built a million-dollar fortune by breaching private networks and selling their data.

Researchers at threat intelligence company Group-IB said that the hacker, who operates under the pseudonym “Fxmsp,” began promoting their services across the darknet. They posted data for sale on hacking-related forums, offering valuable resources stolen from private corporate networks. Some customers have taken to calling the hacker “The invisible god of networks.”

Millionaire profits for Fxmsp

According to the report, the magnitude of Fxmsp’s cybercriminal business is enormous. They reportedly accumulated $1.5 million in profits over three years by targeting 135 companies from 44 countries.

Fxmsp allegedly began promoting cryptojacking services through a Russian forum, selling corporate network data access. Their services allowed purchasers to mine cryptocurrencies using stolen computer power, though it is unknown whether these services were used to specifically mine Bitcoin (BTC).

The study revealed a number of instances where the hacker managed to expand their target capacity:

“During the time that he was active on [removed link], from early October 2017 to July 31, 2018, Fxmsp put access to 51 companies in 21 countries up for sale. The cybercriminal shared the price in only 30% of cases. By that time, after 9 months of activity, the minimum average price for all visible accesses that I’ve advertised was $268,000 (without including the sales I’ve made through private messages).”

Were they really acting alone?

Yelisey Boguslavskiy, AdvIntel’s director of security research, believes that Fxmsp was not acting alone, but rather as part of a cybercriminal team named “GPTitan”. This group is made up of numerous hackers who access various financial environments to steal high-profile network data.

An article published by BleepingComputer, citing an independent source, claimed that “the invisible god of networks” had expanded into a team with an undetermined number of members.

Alliances broken

Fxmsp is known to have worked with a sales manager operating under the pseudonym “Lampeduza”. However, Fxmsp disappeared from the forums in May 2019, effectively ending the relationship.

The report states that Fxmsp and Lampeduza may still be operating privately.

Cointelegraph recently reported that the total USD value of Bitcoin transferred on the dark web rose by 65% in Q1 2020, despite a decline in transactions during the same period in 2019.
