Russian indicted for selling access to US corporate networks
A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024.
An initial access broker is a threat actor who breaches corporate networks and then sells that access to other threat actors, who commonly use the access to conduct data theft or ransomware attacks.
Doroshenko, allegedly known online by the aliases "FlankerWWH" and "Flanker," is accused of gaining unauthorized access to corporate networks and then offering to sell this access on Russian-language cybercrime forums.
"From February 2019 to May 2024, Doroshenko devised a scheme whereby he gained unlawful access to victim computer systems and sold this access to others for a profit through a Russian language cybercrime forum located on the dark web," reads the U.S. Department of Justice announcement.
The indictment mentions an incident from January 2024 when the FlankerWWH alias attempted to sell access to the network of a company in Bergen County, New Jersey.
Historical data on FlankerWWH's activity indicates that the threat actor's preferred attack method was breaching networks by brute-forcing exposed Remote Desktop Protocol (RDP) services.
Related news
- US Government, Microsoft Aim to Disrupt Russian threat actor ‘Star Blizzard’
- US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers
- US warns of last-minute Iranian and Russian election influence ops
- Russian suspected Phobos ransomware admin extradited to US over $16M extortion