Notorious Hacker ‘Fxmsp’ Outed After Widespread Access-Dealing (Security News, July 2020)

According to the Feds' allegations, Turchin is a member of a "prolific, financially motivated cybercriminal group composed of foreign actors that hacks the computer networks of a broad array of corporate entities, educational institutions and governments around the world, including the United States, and advertises and sells such unauthorized access to its victims' protected systems."
"Many transactions occurred through use of a broker and escrow, which allowed interested buyers to sample the network access for a limited period to test the quality and reliability of the illicit access."
The firm also detailed Turchin's tactics: "After gaining access to the target device, Fxmsp usually disables the existing antivirus software and firewall, then creates additional accounts. Next, he uses the Meterpreter payload on servers as a backdoor. Fxmsp himself noted in his posts that, when installing backdoors, he set a long interval for connections with C2 servers: once every 15 days. Once the access is gained, Fxmsp harvests dumps of all the accounts and decrypts them. Finally, he infects the backups by installing backdoors."
"Fxmsp is one of the most prolific sellers of access to corporate networks in the history of the Russian-speaking cybercriminal underground," Group-IB's Dmitry Volkov said in a June blog posting.
"Despite rather simplistic methods he used, Fxmsp managed to gain access to energy companies, government organizations, and even some Fortune 500 firms."