US Unmasks Fxmsp Hacker

The US has unmasked a notorious hacker going by the name Fxmsp this week after it unsealed an indictment originally filed against him in 2018. The court documents also revealed more information about his activities and the organizations that he targeted with others in his cybercrime group.

The hacker’s real name is Andrey Turchin, and he lives in Kazakhstan. Also known as Andej Turchin, Akik Dalv and Vadim bld, his group has accessed over 300 corporate entities, educational institutions and governmental bodies spread across 40 countries, the indictment said. Over 30 of the victims were in the US, and Turchin also claimed to have access to over 200 government and law enforcement networks in the UK.

Along with the mass scanning for exposed RDP ports and brute force attacks already detailed in a report from Group-IB, Turchin also used phishing emails with malicious files or URLs to target employees, said the indictment.
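The RDP brute-force activity mentioned above is one of the easier parts of this tradecraft to detect. The following is an added example, not part of the original article and not derived from the indictment or the Group-IB report: a small detector that reads Windows Security log entries and raises an alert when one source address produces a burst of failed logons (Event ID 4625) with logon type 10 (RemoteInteractive, i.e. RDP). The whitespace-separated log format, the sample lines, the five-failure threshold and the one-minute window are all constructed assumptions for this illustration; real deployments would read the events from the Security channel or a SIEM and tune the threshold to the environment.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (not real telemetry). Fields, in order:
# timestamp, event id, logon type, target account, source IP.
# Event 4625 = failed logon; logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2020-07-07T10:00:01 4625 10 administrator 203.0.113.7
2020-07-07T10:00:03 4625 10 admin 203.0.113.7
2020-07-07T10:00:04 4625 10 backup 203.0.113.7
2020-07-07T10:00:06 4625 10 svc_sql 203.0.113.7
2020-07-07T10:00:08 4625 10 guest 203.0.113.7
2020-07-07T10:00:09 4624 10 jsmith 198.51.100.20
2020-07-07T10:05:00 4625 10 jsmith 198.51.100.20
2020-07-07T10:20:00 4625 10 jsmith 198.51.100.20
"""

FAILED_LOGON = "4625"
RDP_LOGON_TYPE = "10"


def parse_line(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, event_id, logon_type, account, src_ip = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "event_id": event_id,
        "logon_type": logon_type,
        "account": account,
        "src_ip": src_ip,
    }


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return one alert per source IP that reaches `threshold` failed RDP
    logons inside any sliding `window`. Successful logons (4624) and
    non-RDP logon types are ignored. Threshold and window are assumptions."""
    recent = defaultdict(deque)   # src_ip -> deque of (ts, account) failures
    alerted = set()
    alerts = []

    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        ev = parse_line(raw)
        if ev["event_id"] != FAILED_LOGON or ev["logon_type"] != RDP_LOGON_TYPE:
            continue

        q = recent[ev["src_ip"]]
        q.append((ev["ts"], ev["account"]))
        # Drop failures that fell out of the sliding window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()

        if len(q) >= threshold and ev["src_ip"] not in alerted:
            alerted.add(ev["src_ip"])
            alerts.append({
                "src_ip": ev["src_ip"],
                "first_seen": q[0][0].isoformat(),
                "last_seen": ev["ts"].isoformat(),
                "failures": len(q),
                # Many distinct accounts from one source is the password-spray
                # shape; many failures on one account is classic brute force.
                "distinct_accounts": len({acct for _, acct in q}),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the constructed sample, 203.0.113.7 trips the rule (five failures against five different accounts in seven seconds), while 198.51.100.20 does not: its two failures are fifteen minutes apart, so they never share a window. The same loop works unchanged on a larger export if the source is first normalised into the five-field form shown.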

Once Turchin and his group had accessed a victim’s system, they would sell access for a fee ranging from thousands of dollars to upwards of $100,000 in some cases. “With respect to some entities, for instance, those deemed potentially high-value targets (e.g. financial institutions), the group further negotiated a cut, or percentage, of future profits derived by the buyer from use of the purchased unauthorized network access,” the document added.

The document also revealed more information about entities that Turchin had targeted, including a port authority in Cowlitz County, Washington, an Alaskan distributor of petroleum products, a Colorado law firm, and an online money transfer and digital payment services company in New York. The group also compromised an African bank and a luxury hotel group.

The group advertised this access across various underground forums. According to the indictment, it used a broker service to manage an escrow account when arranging access for clients. The potential buyer transmitted funds to the broker in return for time-limited access to the victim’s network. When the client was happy with the access quality, they would unlock the escrow funds and Turchin or his colleagues would unlock unlimited access to the network. They would also give the buyer technical support for a set period after the sale.

Although Turchin has been indicted, there is no guarantee that he will be arrested, as there is no extradition treaty between Kazakhstan and the US. In the past, the US has had to wait for perpetrators to travel to sympathetic countries or to visit the US before it could arrest them.
