Group-IB specialists have revealed the alleged identity of the Russian-speaking hacker Fxmsp, who for three years sold access to the corporate networks of international companies on the darknet. This is stated in the analytical report “Fxmsp: the invisible god of the network.”

Between October 2017 and September 2019, the hacker, together with an accomplice using the nickname Lampeduza who handled advertising and support for all transactions, compromised about 135 companies in 44 countries. Four of the companies attacked by Fxmsp are included in Fortune magazine's 2019 Global 500 ranking. According to minimum estimates, the attacker's profit was $1.5 million.

The hacker's first activity was recorded in 2017. He started by installing hidden miners to mine the Monero cryptocurrency on his victims' servers, and then switched to hacking corporate networks.

Fxmsp independently handled all stages of the attack: scanning IP ranges for hosts with the Remote Desktop Protocol (RDP) port 3389 open, brute force, gaining a foothold in the network, and installing backdoors.

“In the second half of 2017, in the elite niche of sales of access to corporate networks, Fxmsp was the most prominent player and the absolute leader in the number of lots,” says Group-IB.

Fxmsp's main activity occurred in 2018, after which the niche was empty for some time; since the beginning of 2019, the cybercriminal has gained followers. According to Group-IB, since the beginning of 2020, more than 40 cybercriminals have been using Fxmsp's techniques.

After analyzing the hacker’s email addresses, his accounts in Jabber, Skype and underground forums, as well as related domains, Group-IB specialists came to the conclusion that a resident of Kazakhstan, Andrey T., is supposedly hiding under the nickname Fxmsp.

“This is supported by the use of the same pseudonyms, as well as common interests associated with exchange platforms,” the report said.

Andrey's name also came up in May 2019 in connection with a discussion of a hacker attack on three leading antivirus companies from the United States.

Group-IB specialists have not ruled out that the hacker may still continue to hack into networks. The report materials were transferred to international law enforcement agencies to establish the identity of Fxmsp.

Group-IB previously reported that in 2019, the number of ransomware attacks increased by 40% compared to the previous year, and the size of the ransom during this period increased from $8,000 to $84,000.
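
A defender's view of the RDP brute-force stage described above, as an added example that is not part of the original post or of Group-IB's report: it flags source addresses that produce a burst of failed logons (Windows Security event 4625) and notes whether a successful logon (4624) followed. The event tuples, addresses, threshold and window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Logon types relevant to RDP: 10 = RemoteInteractive, 3 = Network
# (failed RDP logons are often recorded as type 3 when NLA is enabled).
RDP_LOGON_TYPES = {3, 10}
FAILED_LOGON, SUCCESSFUL_LOGON = 4625, 4624


def constructed_events():
    """Constructed sample data: (ISO time, event ID, logon type, source IP)."""
    base = datetime(2019, 3, 1, 2, 0, 0)
    events = [((base + timedelta(seconds=20 * i)).isoformat(),
               FAILED_LOGON, 3, "203.0.113.7") for i in range(8)]
    events.append(((base + timedelta(minutes=3)).isoformat(),
                   SUCCESSFUL_LOGON, 10, "203.0.113.7"))
    # An ordinary user who mistypes a password twice, then logs in.
    events += [("2019-03-01T09:00:00", FAILED_LOGON, 10, "198.51.100.20"),
               ("2019-03-01T09:00:30", FAILED_LOGON, 10, "198.51.100.20"),
               ("2019-03-01T09:01:00", SUCCESSFUL_LOGON, 10, "198.51.100.20")]
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {ip: {"failures": n, "success_after": bool}} for every source
    that reaches `threshold` failed logons inside a sliding `window`."""
    failures = defaultdict(list)
    flagged = {}
    for ts, event_id, logon_type, ip in sorted(events):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == FAILED_LOGON:
            # Keep only failures still inside the window, then add this one.
            recent = [t for t in failures[ip] if when - t <= window] + [when]
            failures[ip] = recent
            if len(recent) >= threshold:
                entry = flagged.setdefault(
                    ip, {"failures": 0, "success_after": False})
                entry["failures"] = max(entry["failures"], len(recent))
        elif event_id == SUCCESSFUL_LOGON and ip in flagged:
            # A success after a flagged burst deserves immediate review.
            flagged[ip]["success_after"] = True
    return flagged


if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(constructed_events()).items():
        print(ip, info)
```

A source flagged with `success_after` set is the case to triage first, since it suggests a guessed password rather than noise.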