Mitre
Alias
Fxmsp, ATK 134, TAG-CR17
Country
Kazakhstan
Sponsor
Nil
Motivation
Financial Gain
First Seen
2016
Description
(AdvIntel) Throughout 2017 and 2018, Fxmsp established a network of trusted proxy resellers to promote their breaches on the criminal underground. Some of the known Fxmsp TTPs included accessing network environments via externally available Remote Desktop Protocol (RDP) servers and exposed Active Directory.
Most recently, the actor claimed to have developed a credential-stealing botnet capable of infecting high-profile targets in order to exfiltrate sensitive usernames and passwords. Fxmsp has claimed that developing this botnet and improving its capabilities for stealing information from secured systems is their main goal.
Targeted Industries
Food and Agriculture, Government, Energy, Retail, Financial, Education, Manufacturing, Aviation, Transportation
Targeted Countries
Canada, Saudi Arabia, Hong Kong, Italy, Pakistan, El Salvador, Cyprus, Philippines, China, Malaysia, Sri Lanka, Russia, Germany, Ireland, Ghana, Chile, Brazil, Maldives, Nigeria, Netherlands, UAE, USA, Ecuador, UK, Japan, Oman, India, Egypt, Mexico, Australia, Kuwait, Thailand, Zimbabwe, Colombia, South Africa, Singapore, South Korea, Jamaica, Indonesia, Kenya
Tools
RDP
Exposed AD
TTP
Nil
Operations Performed
[2019-05] Breaches of Three Major Anti-Virus Companies (https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies)
Counter Operations
[2020-07] Feds Indict 'Fxmsp' in Connection With Million-Dollar Hacking Operation (https://www.cyberscoop.com/fxmsp-andrey-turchin-indictment-fraud-stolen-data/)
Information