Russian indicted for selling access to US corporate networks
A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024.
An initial access broker is a threat actor who breaches corporate networks and then sells that access to other threat actors, who commonly use the access to conduct data theft or ransomware attacks.
Doroshenko, allegedly known online by the aliases "FlankerWWH" and "Flanker," is accused of gaining unauthorized access to corporate networks and then offering to sell this access on Russian-language cybercrime forums.
"From February 2019 to May 2024, Doroshenko devised a scheme whereby he gained unlawful access to victim computer systems and sold this access to others for a profit through a Russian language cybercrime forum located on the dark web," reads the U.S. Department of Justice announcement.
The indictment mentions an incident from January 2024 when the FlankerWWH alias attempted to sell access to the network of a company in Bergen County, New Jersey.
Historical data on FlankerWWH's activity indicates that the threat actor's preferred attack method was breaching networks by brute-forcing exposed Remote Desktop Protocol (RDP) services.