Fxmsp hacker indicted by feds for selling backdoor access to hundreds of companies

Backdoors into government networks and corporations were allegedly sold to other criminal enterprises.
Written by Charlie Osborne, Contributing Writer

A prolific hacker believed to be behind a criminal enterprise selling backdoor access to hundreds of organizations worldwide has been indicted by US prosecutors. 

The alleged cybercriminal, who operated under the name "fxmsp," is a 37-year-old citizen of Kazakhstan, the US Department of Justice (DoJ) said. 

The indictment was unsealed in the Western District of Washington on Tuesday. Andrey Turchin has been indicted and charged for running an "ambitious hacking enterprise broadly targeting hundreds of victims across six continents," prosecutors say. 

From at least October 2017 to December 2018 -- the date charges were returned by jury but sealed until now -- Turchin is accused of selling network access to companies, educational establishments, and government entities worldwide. 

The five-count indictment claims that together with other perpetrators, Turchin scanned the Internet for open Remote Desktop Protocol (RDP) ports and conducted brute-force attacks to compromise networks. Once inside, Turchin's team would deploy malware -- such as Trojans -- to locate and steal credentials, as well as to establish footholds in these networks by way of backdoors. 

See also: Police take down encrypted criminal chat platform EncroChat

US prosecutors added that the group would also tamper with antivirus software settings to keep the malware's presence and activities under wraps. 

With their goals achieved, the group then allegedly moved into the monetization phase, in which network access was sold to other cybercriminals by way of underground forums including Exploit.in, fuckav.ru, Club2Card, Altenen, Blackhacker, Omerta, Sniff3r, and L33t. 

The DoJ says that at least 300 organizations were victims, including 30 in the United States. A US port authority, New York-based airline, an African ministry of finance, hotel chains, and numerous financial services companies are believed to have been affected by the group's hacking activities. 

Depending on the victim, prices for access ranged from a few thousand dollars to over $100,000. 

CNET: Microsoft sues over trademark to stop COVID-19 hacking campaign

An escrow service was used to hold payments until a buyer had verified the quality of access, granting them a six-hour window to poke around compromised networks before the sale went through. Potential customers were also offered discounts for bulk access purchases.

Turchin is also accused of selling access to Point-of-Sale (PoS) systems used by restaurants, retail, and other businesses in over a dozen countries. 

The fxmsp group is believed to have made "a substantial but unknown amount in illicit profits," prosecutors added, while compromised organizations have faced damage limitation bills reaching tens of millions of dollars to clean up their networks. 

TechRepublic: Why people forget their email passwords the most often

Turchin is charged with two counts of computer fraud and abuse, access device fraud, conspiracy to commit wire fraud, and conspiracy to commit computer hacking, offenses that can be punishable by decades in prison. 

US Attorney Brian Moran commended Kazakhstan for assisting in the investigation, but prosecutors did not confirm if Turchin has been arrested on these charges. 

The biggest hacks, data breaches of 2020 (so far)

Previous and related coverage

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards