Trending

ee-track">
Link copied!

Threat Actor Seeking Private 0-Day – 1 Million Deposited in a Popular Cybercrime Marketplace

A threat actor (TA), by the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums. The TA claims that the deposit has been made for the purchase of Zero Day Exploits from any forum member.   Refer to Figure 1 to check the TA’s post in the…

July 6, 2021 · 2 min read
Threat Actor Seeking Private 0-Day – 1 Million Deposited in a Popular Cybercrime Marketplace

A threat actor (TA), by the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums. The TA claims that the deposit has been made for the purchase of Zero Day Exploits from any forum member.  

Refer to Figure 1 to check the TA’s post in the forum. 

image 78

The TA has joined the forum in September 2012 and seems to have gained a high reputation over the course of time. The TA also has accounts on another cybercrime forum since Oct 2012.  

Refer to Figure 2 to see the TA’s profile on the cybercrime forum. 

image 79

The TA is willing to buy the following things with the deposited money. 
 

1. Buy the best Remote Access Trojan (RAT) that has not yet been flagged as malicious by any of the security products. 

2. Buy unused startup methods in Windows 10 such as living off the land (LotL) malware and hiding in the registry evasion technique. The TA is willing to offer up to USD 150K for the original solution. 

3. Buy Zero Day Exploit for Remote Code Executions and Local Privileges Escalations. The TA has mentioned that the budget for this particular exploit is USD 3Million. 
 

Zero-day vulnerabilities enable TAs to take advantage of security blind spots. The significant amount deposited as escrow for obtaining these vulnerabilities/exploits goes to show the TA’s seriousness about the use case for these exploits.  
 
Organizations should patch all known security updates and conduct timely internal Security Audits, in addition to being prepared for such attacks in the future. 

About Cyble: 

Cyble is a global threat intelligence SaaS provider that helps enterprises protect themselves from cybercrimes and exposure in the Darkweb. Its prime focus is to provide organizations with real-time visibility to their digital risk footprint. Backed by Y Combinator as part of the 2021 winter cohort, Cyble has also been recognized by Forbes as one of the top 20 Best Cybersecurity Start-ups To Watch In 2020. Headquartered in Alpharetta, Georgia and with offices in Australia, Singapore, and India, Cyble has a global presence. To learn more about Cyble, visit www.cyble.com.    

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams