ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: Fxmsp

Names: Fxmsp (self given)
ATK 134 (Thales)
TAG-CR17 (?)
Country: Kazakhstan
Motivation: Financial gain
First seen: 2016
Description: (AdvIntel) Throughout 2017 and 2018, Fxmsp established a network of trusted proxy resellers to promote their breaches on the criminal underground. Some of the known Fxmsp TTPs included accessing network environments via externally available remote desktop protocol (RDP) servers and exposed Active Directory.

Most recently, the actor claimed to have developed a credential-stealing botnet capable of infecting high-profile targets in order to exfiltrate sensitive usernames and passwords. Fxmsp has claimed that developing this botnet and improving its capabilities for stealing information from secured systems is their main goal.
Observed: Sectors: Aviation, Education, Energy, Financial, Food and Agriculture, Government, Manufacturing, Retail, Transportation.
Countries: Australia, Brazil, Canada, Chile, China, Colombia, Cyprus, Ecuador, Egypt, El Salvador, Germany, Ghana, Hong Kong, India, Indonesia, Ireland, Italy, Jamaica, Japan, Kenya, Kuwait, Malaysia, Maldives, Mexico, Netherlands, Nigeria, Oman, Pakistan, Philippines, Russia, Saudi Arabia, Singapore, South Africa, South Korea, Sri Lanka, Thailand, UAE, UK, USA, Zimbabwe.
Tools used: RDP and exposed AD.
Operations performed: May 2019: Breaches of Three Major Anti-Virus Companies
<https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies>
Counter operations: Jul 2020: Feds indict 'fxmsp' in connection with million-dollar hacking operation
<https://www.cyberscoop.com/fxmsp-andrey-turchin-indictment-fraud-stolen-data/>
Information: <https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies>
<https://www.group-ib.com/resources/threat-research/fxmsp-report.html>

Last change to this card: 08 July 2020
