Pierluigi Paganini July 08, 2021

A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums, he aims at purchasing zero-day exploits from other forum members.

A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble.

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012.  

The threat actor aims at buying malware with zero detection,

The TA is willing to buy the following things with the deposited money zero-day exploits for RCE and LPE, in the latter case the member is offering up to $3 Million.

“The TA is willing to buy the following things with the deposited money.” states Cyble.

• 1. Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products. 
• 2. Buy unused startup methods in Windows 10 such as living off the land (LotL) malware and hiding in the registry evasion technique. The TA is willing to offer up to USD 150K for the original solution. 
• 3. Buy Zero Day Exploit for Remote Code Executions and Local Privileges Escalations. The TA has mentioned that the budget for this particular exploit is USD 3Million. 

The significant amount deposited as an escrow by the threat actor is concerning, the circumstance suggests that the threat actor is going to use the exploits for attacks or to resell them.  

“Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future.” concludes Cyble.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]