An initial access broker is a threat actor who breaches corporate networks and then sells that access to other threat actors, who commonly use the access to conduct data theft or ransomware attacks.
The indictment mentions an incident from January 2024 in which the actor behind the FlankerWWH alias attempted to sell access to the network of a company in Bergen County, New Jersey.
Historical records of FlankerWWH's activity show that the threat actor's preferred method of breaching networks was brute-forcing exposed Remote Desktop Protocol (RDP) services.
The same user was spotted requesting help cracking NTLM hashes, which were likely obtained after breaching a network.
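The brute-forcing of exposed RDP described above leaves a very recognizable trace on the target: a burst of Windows Security Event ID 4625 (failed logon) records from one source address, often cycling through many usernames, sometimes followed by a 4624 (successful logon) from the same address once a password lands. The following Python is an added example for defenders, not code from the article, from BleepingComputer or from Flare; it runs a sliding-window detector over constructed log lines in a simplified `timestamp|event_id|logon_type|user|src_ip` form rather than raw EVTX. The thresholds (10 failures or 5 distinct usernames within 60 seconds) are assumed tuning values. Failed RDP logons are recorded with LogonType 10 (RemoteInteractive) or, when Network Level Authentication is enabled, LogonType 3 (Network), so both are counted; type 3 also covers SMB and other network logons, so in production correlate with which hosts actually expose 3389.

```python
"""Sliding-window detector for RDP brute-force and password-spray bursts
in Windows Security log events (4625 failed logon / 4624 successful logon).

Added example, not code from the article or any tool it names. SAMPLE_LOG is
constructed for the demo; thresholds are assumptions to be tuned locally.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED_LOGON = "4625"
SUCCESSFUL_LOGON = "4624"
# 10 = RemoteInteractive (classic RDP); 3 = Network (RDP with NLA, but also SMB etc.)
RDP_LOGON_TYPES = {"3", "10"}
WINDOW = timedelta(seconds=60)   # assumed tuning value
FAILURE_THRESHOLD = 10           # assumed tuning value
SPRAY_USER_THRESHOLD = 5         # assumed tuning value

# Constructed sample: 12 failures from one address in 23 seconds across 7 usernames,
# then a success from that address; one benign typo-and-retry from another address;
# one local (LogonType 2) failure that the detector must ignore.
SAMPLE_LOG = """\
2024-01-12T02:00:01Z|4625|10|Administrator|203.0.113.7
2024-01-12T02:00:03Z|4625|10|admin|203.0.113.7
2024-01-12T02:00:05Z|4625|10|Administrator|203.0.113.7
2024-01-12T02:00:07Z|4625|10|backup|203.0.113.7
2024-01-12T02:00:09Z|4625|10|svc_sql|203.0.113.7
2024-01-12T02:00:11Z|4625|10|Administrator|203.0.113.7
2024-01-12T02:00:13Z|4625|10|guest|203.0.113.7
2024-01-12T02:00:15Z|4625|10|helpdesk|203.0.113.7
2024-01-12T02:00:17Z|4625|10|Administrator|203.0.113.7
2024-01-12T02:00:19Z|4625|10|admin|203.0.113.7
2024-01-12T02:00:21Z|4625|10|Administrator|203.0.113.7
2024-01-12T02:00:23Z|4625|10|scanner|203.0.113.7
2024-01-12T02:00:40Z|4624|10|scanner|203.0.113.7
2024-01-12T02:01:00Z|4625|10|jsmith|198.51.100.4
2024-01-12T02:01:09Z|4624|10|jsmith|198.51.100.4
2024-01-12T02:02:00Z|4625|2|jsmith|127.0.0.1
"""


def parse_line(line):
    """Split one simplified log line into a dict; usernames are case-folded
    because Windows account names are case-insensitive."""
    ts, event_id, logon_type, user, src_ip = line.strip().split("|")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "event_id": event_id,
        "logon_type": logon_type,
        "user": user.lower(),
        "src_ip": src_ip,
    }


def detect_rdp_bruteforce(lines, window=WINDOW, failure_threshold=FAILURE_THRESHOLD,
                          spray_user_threshold=SPRAY_USER_THRESHOLD):
    """Return {src_ip: sorted list of alert kinds} for lines in time order.

    'burst'               failures within `window` reached failure_threshold
    'spray'               distinct usernames within `window` reached spray_user_threshold
    'success_after_burst' a 4624 arrived from an address already flagged
    """
    recent = defaultdict(deque)   # src_ip -> deque of (ts, user) failures inside the window
    alerts = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        if ev["logon_type"] not in RDP_LOGON_TYPES:
            continue                       # console/service logons are out of scope
        q = recent[ev["src_ip"]]
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()                    # expire failures older than the window
        if ev["event_id"] == FAILED_LOGON:
            q.append((ev["ts"], ev["user"]))
            if len(q) >= failure_threshold:
                alerts[ev["src_ip"]].add("burst")
            if len({u for _, u in q}) >= spray_user_threshold:
                alerts[ev["src_ip"]].add("spray")
        elif ev["event_id"] == SUCCESSFUL_LOGON and alerts.get(ev["src_ip"]):
            # a success from an address that was already brute-forcing is the
            # signal that matters most: the access broker now has a foothold
            alerts[ev["src_ip"]].add("success_after_burst")
    return {ip: sorted(kinds) for ip, kinds in alerts.items()}


def run_sample():
    """Run the detector over the constructed sample log."""
    return detect_rdp_bruteforce(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for ip, kinds in run_sample().items():
        print(f"{ip}: {', '.join(kinds)}")
```

On the sample the only flagged address is 203.0.113.7, with all three alert kinds; the single failure from 198.51.100.4 and the local LogonType 2 event produce nothing. The success-after-burst alert is the one to page on, since at that point the intruder has valid credentials and, in the scenario the article describes, is about to list the access for sale.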
Using Flare's threat intelligence system, BleepingComputer found additional posts by the threat actor asking for help removing passwords from Excel spreadsheets and advice on contacting the developer of a keylogger.
Beyond the access-brokering activity, the indictment also mentions a case in which Doroshenko stole information valued at more than $5,000 from one of the systems he breached.
The wire fraud charge carries a maximum sentence of 20 years in prison and a fine of $250,000, while the computer fraud charge is punishable by up to five years in prison and the same fine.
The suspect has not been arrested, and given that he is based in Russia, it seems unlikely that he ever will be unless he leaves the country.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 28 May 2024 18:35:14 +0000