Australia
Brazil
Canada
Chile
China
Colombia
Cyprus
Ecuador
Egypt
El Salvador
Germany
Ghana
Hong Kong
India
Indonesia
Ireland
Italy
Jamaica
Japan
Kenya
Kuwait
Malaysia
Maldives
Mexico
Netherlands
Nigeria
Oman
Pakistan
Philippines
Russia
Saudi Arabia
Singapore
South Africa
South Korea
Sri Lanka
Thailand
UAE
UK
USA
Zimbabwe
Description
(AdvIntel) Throughout 2017 and 2018, Fxmsp established a network of trusted proxy resellers to promote their breaches on the criminal underground. Some of the known Fxmsp TTPs included accessing network environments via externally available Remote Desktop Protocol (RDP) servers and exposed Active Directory.
Most recently, the actor claimed to have developed a credential-stealing botnet capable of infecting high-profile targets in order to exfiltrate sensitive usernames and passwords. Fxmsp has claimed that developing this botnet and improving its capabilities for stealing information from secured systems is their main goal.
Tools Used
RDP
exposed AD
Operations
2019-05: Breaches of Three Major Anti-Virus Companies
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies