The Fxmsp hacker is a Kazakhstani citizen who hacked anti-virus firms like Trend Micro, Symantec, and McAfee.
In May 2019, we reported on a hacking group named Fxmsp that had breached three anti-virus companies, stolen their source code and offered it for sale. That was just one incident in a string of attacks by this ambitious group, which had put its skills to the wrong use.
But it turns out an end may be in sight. The United States Department of Justice has indicted Andrey Turchin, a citizen of Kazakhstan, alleging that he is part of Fxmsp. According to court documents [PDF] seen by Hackread.com, the charges are as follows:
- Conspiracy to commit computer hacking – up to 5 years in prison
- Two counts of computer fraud & abuse – up to 5 & 10 years in prison respectively
- Conspiracy to commit wire fraud – up to 20 years in prison
- Access device fraud – up to 10 years in prison
Citizen of Kazakhstan, known as “fxmsp,” charged with computer fraud, wire fraud, and conspiracy for hacking hundreds of corporate networks in more than 40 countries worldwide: https://t.co/QO9NOOPnLa pic.twitter.com/I6tXLv3vxI
— FBI Seattle (@FBISeattle) July 8, 2020
Currently, it has not been confirmed whether Turchin has been arrested by the authorities, but there is speculation that he may already have been detained.
As for the crimes themselves, the indictment says the defendant was responsible for targeting hundreds of victims worldwide, about 30 of them in the United States. The victims included businesses in industries as diverse as energy, food and education, as well as government departments.
To do so, the Fxmsp group used a variety of tactics along with sophisticated malware. One example given is of the attacker scanning for exposed Remote Desktop Protocol (RDP) ports and gaining entry by brute-forcing the logins behind them.
After gaining access, he deployed malware to steal high-privilege credentials and tampered with antivirus software in order to maintain access without being detected and removed.
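The intrusion chain described above (brute-forced RDP, a successful logon from the same source, then antivirus protection switched off) is exactly the sequence a blue team can look for in Windows event logs. The following is an added example written for this article, not code from the indictment or from any tool mentioned in it. It runs over constructed sample log lines in a simplified key=value layout; the event IDs it relies on are real Windows ones (Security log 4625 failed logon and 4624 successful logon with logon type 10 = RemoteInteractive/RDP, Windows Defender 5001 = real-time protection disabled), but the host name, IP addresses, user names, thresholds and the `triage` helper are assumptions made for the example.

```python
"""Detect brute-forced RDP followed by a successful logon and AV tampering.

Added example for this article. Sample events below are constructed, not
real telemetry; field layout is a simplified key=value form of the Windows
Security / Defender event fields.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

_BASE = datetime(2020, 7, 8, 10, 0, 0)

# Constructed sample log: two ordinary mistyped passwords from a real user,
# a 12-attempt burst from one source against several accounts, a success
# from that same source, then Defender real-time protection being disabled.
SAMPLE_LINES = [
    "2020-07-08T09:55:10 4625 Host=SRV01 LogonType=10 Src=198.51.100.7 User=jsmith",
    "2020-07-08T09:57:42 4625 Host=SRV01 LogonType=10 Src=198.51.100.7 User=jsmith",
    "2020-07-08T09:59:03 4624 Host=SRV01 LogonType=10 Src=198.51.100.7 User=jsmith",
] + [
    f"{(_BASE + timedelta(seconds=10 * i)).isoformat()} 4625 Host=SRV01 LogonType=10 "
    f"Src=203.0.113.5 User={['administrator', 'admin', 'backup'][i % 3]}"
    for i in range(12)
] + [
    "2020-07-08T10:02:30 4624 Host=SRV01 LogonType=10 Src=203.0.113.5 User=administrator",
    "2020-07-08T10:09:15 5001 Host=SRV01 Provider=Windows-Defender",
]


def parse_line(line):
    """Parse '<iso-timestamp> <event_id> key=value ...' into a dict."""
    ts, event_id, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts), "event_id": int(event_id)}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = value
    return rec


def detect_rdp_bruteforce(records, threshold=10, window=timedelta(minutes=5)):
    """Alert once per source IP that produces >= threshold failed RDP logons
    (4625, logon type 10) inside a sliding time window. Records must be
    sorted by timestamp."""
    recent = defaultdict(deque)  # src ip -> timestamps of recent failures
    alerted, alerts = set(), []
    for r in records:
        if r["event_id"] != 4625 or r.get("LogonType") != "10":
            continue
        q = recent[r["Src"]]
        q.append(r["ts"])
        while q and r["ts"] - q[0] > window:  # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and r["Src"] not in alerted:
            alerted.add(r["Src"])
            alerts.append({"src": r["Src"], "count": len(q),
                           "first": q[0], "last": r["ts"]})
    return alerts


def detect_success_after_bruteforce(records, alerts, grace=timedelta(hours=1)):
    """Flag successful RDP logons (4624, logon type 10) from a source that
    tripped the brute-force alert, within `grace` of that alert."""
    alert_time = {a["src"]: a["last"] for a in alerts}
    hits = []
    for r in records:
        if r["event_id"] != 4624 or r.get("LogonType") != "10":
            continue
        start = alert_time.get(r.get("Src"))
        if start is not None and start <= r["ts"] <= start + grace:
            hits.append({"src": r["Src"], "user": r["User"],
                         "host": r["Host"], "ts": r["ts"]})
    return hits


def detect_av_tampering(records):
    """Return (host, timestamp) for Defender 5001 real-time protection off."""
    return [(r["Host"], r["ts"]) for r in records if r["event_id"] == 5001]


def triage(lines):
    """Run all three detections over raw log lines and correlate them."""
    records = sorted((parse_line(l) for l in lines if l.strip()), key=lambda r: r["ts"])
    bf = detect_rdp_bruteforce(records)
    return {
        "bruteforce": bf,
        "compromised_logons": detect_success_after_bruteforce(records, bf),
        "av_tampering": detect_av_tampering(records),
    }


if __name__ == "__main__":
    for kind, findings in triage(SAMPLE_LINES).items():
        print(kind, findings)
```

The benign user's two typos never reach the threshold and their later success is not flagged; only the source that burst through ten failures, then logged in, is reported, and the Defender 5001 event on the same host a few minutes later is the signal that the intruder has started disabling protection. In a real deployment the threshold and window would be tuned to the environment, and the correlation would key on host as well as source IP.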
The stolen data, along with network access and other monetizable information, was then listed for sale on various criminal forums, including carding forums such as Club2Card, bringing in thousands of dollars.
Explaining further, the Justice Department’s website states,
Many transactions occurred through use of a broker and escrow, which allowed interested buyers to sample the network access for a limited period to test the quality and reliability of the illicit access.
It remains to be seen how the extradition process will play out and what sentence the defendant will actually face if convicted.
This case will no doubt serve as an important deterrent to other cybercriminals who rely on operating beyond borders. Other countries could learn from it too, and cooperate internationally in fighting cybercrime as well as physical crime.