Fxmsp: Corporate Network Access for Sale

July 1, 2020

A collaborative investigation headed by cybersecurity experts from a trusted info-sec company confirmed that the hacker known as Fxmsp made a profit of 1.5 million dollars by auctioning access to compromised corporate networks. About 135 businesses across 44 countries around the globe were affected. The fabled hacker kept this up continuously over three years of activity.


Affected companies

Well-known companies, including top antivirus developers such as Symantec, Trend Micro, and McAfee, are on the list of those infiltrated. Some forum users now post this information for sale on many underground marketplaces. Most of the victim information that Fxmsp published and is selling, however, comes from banks, government organizations, and businesses on the Fortune 500 roster.

Fxmsp attracted a great deal of attention because many confirmed that the access offered for sale was verifiable. Much of it led to successful ransomware attacks on prominent organizations, such as a power company in Europe and the multi-million Italian Enel Group of companies.


Dodging the investigation team

In-depth reports indicate that the network access put up for auction was not gathered by Fxmsp alone. Evidence shows that Fxmsp teamed up and collaborated in this hideous business with another hacking group named GPTitan. Speculation is that the hacker expanded in order to stay off the radar while the business continued underground. Other people in the group work as front-liners who talk privately to interested buyers, ranging from financial shadow brokers and traders to other hackers willing to pay for the credentials they need on targeted businesses. Using front-liners became a necessity because many cybersecurity firms have invested in tracking down Fxmsp's identity.


Breaching the Defenses of Fxmsp and the actors

Unfortunately for him, although he devised an ingenious plan to avoid exposure, many security firms also teamed up and pooled their evidence to pin down the identity of Fxmsp. Names such as Antony Morricone, BigPetya, Five life, Nikolay, and Escobar have been under surveillance because their modus operandi carries the same footprint as Fxmsp's. Through persistent and keen observation, the collaborative group was able to analyze and study the expanded hacking group's activity, from forum conversations and timelines to social media posts and domain name registrations tied to the suspected Fxmsp identity.

Nonetheless, even with the use of decoys and aliases, his identity became known as Andrey Turchin from Kazakhstan. The rumor that Andrey is currently in the custody of local law enforcement has yet to be confirmed. Meanwhile, the group's business is still active and is setting trends for other hackers on how to be more successful in this line of business while remaining anonymous in the eyes of any cyber intelligence group.
