Researchers recently discovered a booming trading platform for hackers. The marketplace sells more than 70,000 hacked government and corporate servers, some of them for as little as $6.
According to a report published by researchers from the antivirus service provider Kaspersky Lab, at the end of last month the xDedic trading platform listed 70,624 servers, most of them belonging to governments and corporations in 173 countries. Kaspersky wrote a separate blog post about its findings:
“From government networks to corporations, from Web servers to databases, xDedic provides a marketplace for buyers to find anything. And the best thing about it—it’s cheap! Purchasing access to a server located in a European Union country government network can cost as little as $6. The one-time cost gives a malicious buyer access to all the data on the server and the possibility to use this access to launch further attacks. It is a hacker’s dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors. The main goal of the xDedic forum is to facilitate the buying and selling of credentials for hacked servers which are available through RDP.”
Most of the buyers, according to Kaspersky’s research, could be hackers who are planning to carry out cybercrimes, such as using stolen credit card information, phishing, accounting and so on. For example, xDedic makes it pretty easy for users to purchase access to servers that have credit card-processing point-of-sale (POS) software installed. The hackers can then install malware that harvests card data funneled through the compromised servers. Specific software tools are included in the price; these can make the breached servers update Microsoft’s remote desktop protocol so that it can accommodate multiple user logins. Other tools provided in the package are proxy installers and system information collectors.
xDedic could also appeal to the separate class of hacking groups known as “advanced persistent threat actors” (APT actors). In contrast to profit-motivated criminals who opportunistically attack any victim with weak defenses, APT actors target specific organizations or individuals, often because they dislike the victims’ political views or the country they support, or because they need the information the victims hold. A Russian hacker group breaching the Democratic National Committee (DNC) and a China-based operation that compromises US defense contractors are two examples of APT actors. Most APT actors are well funded; however, the existence of marketplaces like xDedic lowers the bar to entry for such hackers. Kaspersky Lab researchers explained:
“The vast amount of servers for sale on the xDedic marketplace offers a very likely alternative for APT actors with low resources, willing to fly under the radar or having difficulties in getting a foothold in any of its victims. 8 USD is a very cheap price to pay for full access to potential high-profile targets. Usually overlooked, servers that have been hacked using brute-force methods might present an opportunity for APT actors that doesn’t arouse suspicion.”