The irony of fate: how a famous cybercriminal fell victim to his own virus

An Israeli hacker did not notice the activation of the infostealer on his personal computer and accidentally sold his own data to third parties.

The Israeli company Hudson Rock, specializing in cyber intelligence, has discovered interesting data about a hacker nicknamed "La_Citrix". This attacker is known in cybercriminal forums for hacking into companies and selling access to their Citrix/VPN/RDP servers. In addition, he regularly traded in stolen data from compromised computers of his victims.

It turned out that in the process of infecting other people's devices with a ransomware virus, La_Citrix accidentally infected his own computer as well. As a result, the hacker sold his own data without even noticing it.

Hudson Rock experts unexpectedly came across La_Citrix's data while analyzing information from other people whose computers had also suffered from ransomware viruses. The find spurred the researchers' curiosity, so they carefully studied the data from the cybercriminal's computer.

Although it is rarely talked about, hackers quite often become victims of their own viruses. For example, there are more than 7,000 compromised users of the major hacker forum RaidForums in the Hudson Rock database, many of whom were real attackers (or still are).

Looking at data from La_Citrix's computer, the researchers were surprised to see that their systems identified this user as an employee of nearly 300 different companies. However, after taking a closer look at the credentials they found, they understood the reason.

As it turned out, La_Citrix organized all of his attacks from his personal computer, and the browsers installed on it stored the corporate credentials used for the hacks. They stored more than that, as it turned out later.

La_Citrix infiltrated companies using credentials found on other ransomware-infected computers, expanding his database with each new attack.

After thoroughly digging into the browser data from the hacker's computer, the experts found auto-fill information that revealed the hacker's real name, his home address, phone number, and other evidence. The researchers said that they would hand the data about the attacker over to law enforcement agencies (if they had not already done so, of course).

This story clearly demonstrates that even experienced hackers are not immune to mistakes and can themselves become victims of their own viruses. Ironically, La_Citrix fell for the same tricks he used to hack other people and their computers. Who knows, perhaps if he had not been carrying out his dark activities from a personal computer, he would still have kept his anonymity, even after such a major mistake.