Nation states buying hacking tools from underground Russian cyber forums

/in


Nation states have been identified shopping on Russian cyber crime forums for malware they can use to wipe computers of data in hostile hacking attacks.

Russian-speaking hacking forums, including Exploit and XSS, run black markets in tools and services used by cyber criminals intent on making money by hacking computer systems and stealing data.

According to Sergey Shykevich, a threat intelligence expert at cyber security company Check Point Software, nation states are increasingly using underground cyber crime forums to pose as cyber criminals and hackers.

“Nation states understand that to pretend to be involved in hacktivism allows them deniability,” he told Computer Weekly. “They don’t want to be accused, even if everyone knows it’s Russia, or Iran.”

Russian forums

Some of Russia’s cyber crime forums have been in operation for more than 20 years. One of the oldest Russian-speaking forums is Exploit, which was established in 2000 and contains one million messages on over 200,000 topics, said Shykevich.  

“They offer everything you could imagine,” he told Computer Weekly. “It starts with software vulnerabilities. You can rent malware, ransomware as a service and spam as a service to distribute fake phishing emails and currently even AI [artificial intelligence]-related services, and deep fake platforms.”

The forums generally exist on the deep web and don’t require a specialist Tor browser to access. But they are strictly members only.

Iran suspected of buying wiper software

Check Point discovered last year that Russian underground forums were offering wiper software, which is designed to destroy computer data irreversibly.

Wiper software is of no interest to cyber criminals who normally inhabit Russia’s hacking forums – strongly suggesting nation-state involvement.

“We saw someone, probably the Iranian government, looking for wiper software,” said Shykevich.

State-sponsored hacking groups are better funded than typical cyber criminal groups, and are not shy of advertising their spending power, said Shykevich.

They typically pay larger deposits to the administrators of cyber crime forums than other members of the hacking community.

“From all…

Source…