Suspected Russian NLBrute malware boss extradited to US
A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations that he used the tool to spawn a criminal empire.
Dariy Pankov, also known as "Dpxaker," created the NLBrute malware that cracked the Windows credentials of improperly secured Remote Desktop Protocol systems through the brute-force technique of throwing massive numbers of password guesses at them, according to the US Department of Justice.
In the indictment handed up in April 2019, Pankov is accused of creating NLBrute in 2016 and beginning to work with unnamed people to sell the tool on the dark web for $250 in Bitcoin.
In 2017, researchers at Sophos reported that NLBrute was a key tool in ransomware attacks that year that were using Microsoft's RDP as a way into vulnerable systems.
In 2018, The Register covered a report by McAfee about the growth of so-called "RDP shops" on the dark web selling access to compromised systems for as little as $10 each, with the miscreants using NLBrute and other brute-force tools like Hydra and RDP Forcer to gain access.
Analysts with cybersecurity firm CloudSEK in 2021 said they found a dark web forum advertising an NLBrute tool that runs on the NLBrute 1.2 version, and it looks like the use of the malware won't be ending soon.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/02/23/russian_nlbrute_hacking_malware/