Hacker deposited $1M in a popular cybercrime marketplace to buy zero-day exploits

A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums, he aims at purchasing zero-day exploits from other forum members.

A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble.

According to the experts, the member “integra” has joined the cybercrime forum in September 2012 and has gained a high reputation over the course of time. The threat actor is also a member of another cybercrime forum since October 2012.

The threat actor aims at buying malware with zero detection,

The TA is willing to buy the following things with the deposited money zero-day exploits for RCE and LPE, in the latter case the member is offering up to $3 Million.

“The TA is willing to buy the following things with the deposited money.” states Cyble.

1. Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products.
2. Buy unused startup methods in Windows 10 such as living off the land (LotL) malware and hiding in the registry evasion technique. The TA is willing to offer up to USD 150K for the original solution.
3. Buy Zero Day Exploit for Remote Code Executions and Local Privileges Escalations. The TA has mentioned that the budget for this particular exploit is USD 3Million.

The significant amount deposited as an escrow by the threat actor is concerning, the circumstance suggests that the threat actor is going to use the exploits for attacks or to resell them.

“Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future.” concludes Cyble.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Next Tor Browser 10.5 is out, it includes a new anti-censorship feature »

Previous « Experts bypassed Microsoft's emergency patch for the PrintNightmare

Published by

Pierluigi Paganini

Tags: Cybersecuritycybersecurity newsHackinghacking newsinformation security newsPierluigi PaganiniSecurity AffairsSecurity Newszero-Day

3 years ago

Law enforcement operation dismantled phishing-as-a-service platform LabHost

An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…

3 hours ago

Hacking

Previously unknown Kapeka backdoor linked to Russian Sandworm APT

Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…

8 hours ago

Hacking

Cisco warns of a command injection escalation flaw in its IMC. PoC publicly available

Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…

11 hours ago

Cyber Crime

Linux variant of Cerber ransomware targets Atlassian servers

Threat actors are exploiting the CVE-2023-22518 flaw in Atlassian servers to deploy a Linux variant of…

24 hours ago

Security

Ivanti fixed two critical flaws in its Avalanche MDM

Ivanti addressed two critical vulnerabilities in its Avalanche mobile device management (MDM) solution, that can…

1 day ago

Hacking

Researchers released exploit code for actively exploited Palo Alto PAN-OS bug

Researchers released an exploit code for the actively exploited vulnerability CVE-2024-3400 in Palo Alto Networks'…

2 days ago

This website uses cookies.