A threat actor (TA) going by the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums. The TA claims that the deposit has been made to purchase Zero Day Exploits from any forum member.
Refer to Figure 1 to check the TA’s post in the forum.
The TA joined the forum in September 2012 and appears to have built up a high reputation over time. The TA has also held an account on another cybercrime forum since October 2012.
Refer to Figure 2 to see the TA’s profile on the cybercrime forum.
The TA is willing to buy the following with the deposited money:
1. The best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any security product.
2. Unused startup methods for Windows 10, such as living off the land (LotL) malware and registry-hiding evasion techniques. The TA is willing to offer up to USD 150K for an original solution.
3. Zero Day Exploits for Remote Code Execution and Local Privilege Escalation. The TA has stated that the budget for this particular exploit is USD 3 Million.
Zero-day vulnerabilities enable TAs to take advantage of security blind spots. The significant amount deposited in escrow for obtaining these vulnerabilities/exploits shows how serious the TA is about the use case for these exploits.
Organizations should apply all known security updates and conduct timely internal security audits, in addition to being prepared for such attacks in the future.
Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrime and exposure on the Dark Web. Its prime focus is to provide organizations with real-time visibility into their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Start-ups To Watch In 2020. Headquartered in Alpharetta, Georgia, and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.