Teacher
Professional
- Messages
- 2,669
- Reaction score
- 829
- Points
- 113
One of the cybercriminals deposited 26.99 bitcoins (almost equal to one million US dollars) on one of the hacker forums. According to Cyble experts, the attacker's task is to purchase exploits for zero-day (0-day) vulnerabilities from other community members.
The potential buyer of exploits operates under the online pseudonym “integra”, the beginning of his activity on the cybercriminal forum dates back to September 2012. During this time integra has managed to earn a decent reputation on the site. Apparently, the same citizen registered in October 2012 at another forum of a similar topic. Integra's main interest is the purchase of malware and exploits that are not detected by antivirus products. In particular, the attacker is interested in the possibility of remote code execution, as well as local elevation of rights in the system. As noted in Cyble, integra buys:
1. The best Trojans for remote access (RAT), which are not yet detected by antivirus software.
2. Previously unused methods for autoloading malware in Windows 10. A member of the cybercriminal community offers $ 150,000 for the original method.
3. 0-day exploits leading to remote code execution or local privilege escalation.
The nearly $ 1 million that integra has deposited in an escrow account hoping to get quality exploits suggests that the attacker is planning large-scale cyberattacks. “Organizations should install all released patches, eliminating the currently known vulnerabilities. It also does not hurt to conduct an audit of information security in order to be prepared for such attacks, ”Cyble experts warn.
(c) https://www.anti-malware.ru/news/2021-07-08-111332/36359
