DATAINSIDER

Digital Guardian's Blog

DOJ Charges "fxmsp" Hacker for Breaching 300 Organizations

by Chris Brook on Wednesday July 8, 2020


The hacker, based in Kazakhstan, sold backdoor access to over 300 victim networks, some for up to $100,000.

The U.S. Justice Department formally charged a hacker based in Kazakhstan this week for breaking into and maintaining a foothold on hundreds of networks worldwide.

According to the DOJ, which announced the charges Tuesday, the hacker, Andrey Turchin, known online as "fxmsp," was responsible for breaking into a variety of organizations and then establishing backdoors. Targets included educational institutes, corporate entities, and even governments.

Turchin hacked into over 300 entities in total, then sold that access at a premium: some backdoors cost as much as $100,000; others cost a couple of thousand.

The indictment, unsealed in the United States District Court for the Western District of Washington, names two counts of computer fraud and abuse, conspiracy to commit wire fraud, access device fraud, and conspiracy to commit computer hacking.

"The objectives of the conspiracy included gaining increasing levels of access to, and control of, protected computers of victim entities through the use of deception and false representations and fraudulently obtained credentials. The objectives of the conspiracy further included, using such access and control obtained through deceptive means, to compromise additional computers and networks both internally and externally to the victim entity. The ultimate purpose of the conspiracy involved the selling of access to victim computer networks to other cybercriminal actors for financial gain."

Turchin and his associates (he worked alongside an eponymous group, "fxmsp") hacked the organizations for more than a year, between October 2017 and December 2018, using fairly run-of-the-mill techniques, like targeting open Remote Desktop Protocol ports, phishing campaigns, and brute-force attacks. Once in, Turchin and company moved laterally, installed malware to steal passwords as well as remote access trojans, and bypassed antivirus settings to steal login credentials to ensure persistence.

According to the indictment, the group advertised access to over 300 organizations across six continents, including 30 entities in the U.S. Reports claim the group has earned at least $1.5 million thanks to their business model.

While the indictment doesn’t pin any particular data leaks on fxmsp, the group has been a constant fixture in infosec stories over the last several years. It was mentioned in a 2018 FireEye report on internet crime, where it was linked to a global breach of a luxury hotel group. It was also connected to the sale of access to internal networks and assets belonging to three US-based antivirus companies in 2019.

The indictment doesn’t name any of the companies but says the group offered access to a luxury hotel group with locations across Europe, North Africa, Latin America, and the Caribbean, an Alaska petroleum company, a software developer in California, a U.S. hotel chain, an African power company, a private school, and a university in Puerto Rico, to name a few.

Of course, in today’s world, it’s unclear whether the indictment will actually amount to anything. The U.S. regularly charges individuals, but oftentimes these hackers reside in far-flung corners of the globe, usually in areas where extradition isn’t an option.

Tags: hacking


Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.