A prolific
Kazakh hacker known as ”fxmsp” has been charged with several US federal crimes
for allegedly hacking the computer networks of a broad array of entities,
including businesses, educational institutions, and governments throughout the
world, the U.S. Department of Justice (DOJ) has announced.
The 37-year-old, whose real name is Andrey Turchin, has allegedly been linked to numerous high-profile data breaches, ransomware attacks, and other cyber crimes, according to the DOJ. His victims include big corporations listed in the Fortune 500. From the press release:
“According
to the five-count indictment and records on file, from at least October 2017
through the date charges were returned by a Grand Jury, in December 2018,
TURCHIN and his accomplices perpetrated an ambitious hacking enterprise broadly
targeting hundreds of victims across six continents, including more than 30 in
the United States. Widely known in hacking circles by the moniker ’fxmsp,’ TURCHIN
employed a collection of hacking techniques and malicious software (malware) to
gain and maintain access to victim networks.
For instance, he often used specially designed code to scan the Internet
for open Remote Desktop Protocol (RDP) ports and conduct brute-force attacks to
initially compromise victim networks. Once inside the victim’s system, he moved
laterally throughout the network and deployed additional malicious code to
locate and steal administrative credentials and establish persistent access.
The conspirators often modified antivirus software settings to allow malware to
continue to run undetected.”
According to
the indictment, authorities believe Turchin didn’t act alone. Together with his
co-conspirators, he allegedly marketed and sold the network access on the dark
web, charging as much as $100,000 in some cases. He even allowed prospective buyers
to “sample” the network access for a limited period to test the quality and
reliability of the hack.
Turchin is
charged with conspiracy to commit computer hacking, two counts of computer
fraud and abuse (hacking), conspiracy to commit wire fraud, and access device
fraud. The FBI Seattle Office is actively investigating Turchin’s case. If
found guilty of all the allegations, he is looking at 45 years behind bars.