Suspected Russian NLBrute malware boss extradited to US
2023-02-23 23:30

A Russian national accused of developing the NLBrute brute-force hacking tool has made his first court appearance this week in Florida over accusations that he used the tool to spawn a criminal empire.

Dariy Pankov, also known as "Dpxaker," created the NLBrute malware that cracked the Windows credentials of improperly secured Remote Desktop Protocol systems through the brute-force technique of throwing massive numbers of password guesses at them, according to the US Department of Justice.

In the indictment handed up in April 2019, Pankov is accused of creating NLBrute in 2016 and beginning to work with unnamed people to sell the tool on the dark web for $250 in Bitcoin.

In 2017, researchers at Sophos reported that NLBrute was a key tool in ransomware attacks that year that used Microsoft's RDP as a way into vulnerable systems.

In 2018, The Register covered a report by McAfee about the growth of so-called "RDP shops" on the dark web selling access to compromised systems for as little as $10 each, with the miscreants using NLBrute and other brute-force tools like Hydra and RDP Forcer to gain access.

Analysts with cybersecurity firm CloudSEK in 2021 said they found a dark web forum advertising an NLBrute tool that runs on the NLBrute 1.2 version, and it looks like the use of the malware won't be ending soon.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/02/23/russian_nlbrute_hacking_malware/