fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

DOJ Indict Fxmsp Hacker For Selling Access To Hacked Orgs, AV Firms

DOJ Indict Fxmsp Hacker For Selling Access To Hacked Orgs, AV Firms

The US Department of Justice has indicted a hacker known as ‘Fxmsp’ for hacking into and selling access to over three hundred organizations worldwide.

In an indictment unsealed today, the DOJ is charging a citizen of Kazakhstan named Andrey Turchin, also known as “Fxmsp,” with conspiracy to commit computer hacking, two counts of computer fraud and abuse (hacking), conspiracy to commit wire fraud, and access device fraud.

While the indictment and DOJ press release does not state if Turchin was arrested, BleepingComputer has been told by sources familiar with the case that local authorities detained him in Kazakhstan.

According to the indictment, Turchin would gain access to private networks through phishing attacks and brute-forcing the passwords of exposed remote desktop servers.

Once a network was breached, Turchin allegedly deployed password-stealing Trojans and remote access trojans (RATs) to harvest credentials and gain persistence in the system.

“TURCHIN and his accomplices perpetrated an ambitious hacking enterprise broadly targeting hundreds of victims across six continents, including more than 30 in the United States.  Widely known in hacking circles by the moniker “Fxmsp,” TURCHIN employed a collection of hacking techniques and malicious software (malware) to gain and maintain access to victim networks,” a DOJ press release stated.

Under the alias ‘Fxmsp’, Turchin would then sell access to these networks on hacker forums and dark web marketplaces for prices typically ranging between $1,000 to tens of thousands, with some systems being sold for over $100,000.

Fxmsp selling access to networks

Other threat actors would use these sold networks to deploy ransomware, steal data, or perform other malicious behavior.

Also read: 9 Policies For Security Procedures Examples

Sold access to well-known US antivirus companies

In May 2019, BleepingComputer exclusively reported that Fxmsp was selling stolen source code and access to major US antivirus companies’ networks.

Based on information shared with BleepingComputer by cyber intelligence firm Advanced Intel, Fxmsp conducted a hacking campaign in 2019 where he claimed to have breached Trend Micro, Symantec, and McAfee,

As part of this breach, Fxmsp claims to have stolen source code from all three vendors, with access to over 30TB of data from Trend Micro.

Fxmsp Hacking operation

Access to these networks and the source code was being sold for $300,000 per vendor.

At the time, Symantec had told BleepingComputer that they were confident that they were not breached, Trend Micro states it was just a testing lab that was hacked, and McAfee said they were investigating the threat.

In addition to the AV vendors, Fxmsp had claimed to have access to a diverse host of victims, including businesses in the manufacturing, energy, financial, government, air transport, food, and education verticals.

Also read: 7 Client Data Protection Tips to Keep Customers Safe

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us