Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Fxmsp: “The Invisible God of Networks”
← Research Hub

Fxmsp: “The Invisible God of Networks”

The report shows how Fxmsp’s cybercriminal career evolved from a newbie hacker to one of the major players of the Russian-speaking underground. Group-IB’s team uncovered Fxmsp’s TTPs and established his presumed identity.
Download report

Take a deep dive into the history of Fxmsp — one of the most notorious and prolific sellers of access to corporate networks on underground forums. In 2018, a user of one of the underground forums shared a post which promoted the services of breaking into corporate networks and selling access to them and read «You will become the invisible god of networks…» This user was Lampeduza, who turned out to be Fxmsp’s sales manager.

Key Facts

44 Countries

where Fxmsp struck

135 Companies

were hit, 8.9% of which were state-owned. Light industry, IT, and Retail were the most common targets

$1,500,000+

Estimated earnings of the threat actor based on his public lots

3+ years

Active on underground forums

Download the report to learn

The evolution of FxmspThe evolution of Fxmsp

Follow the hacker from his first posts requesting for technical help and first victims to him earning the nickname «invisible god» in compromised networks.

Fxmsp’s tactics, technics, and procedures (TTPs)Fxmsp’s tactics, technics, and procedures (TTPs)

Learn how he gained access to networks and what was unique about his attacks; how he prepared for and accomplished network persistence, and compromised back up servers; and how to protect your business from similar attacks.

Fxmsp’s presumed identityFxmsp’s presumed identity

Follow the steps Group-IB Threat Intelligence & Attribution experts took to unmask the hacker. See how top-tier technology and analytical tools helped find out who was hiding behind the famous nickname.
At the time of writing, Fxmsp is no longer publicly active. It remains uncertain, however, whether he is still breaking into company networks and selling access to them. Given the risk, Group-IB Threat Intelligence & Attribution experts decided to release this report, share its expanded version with international law enforcement agencies, and make our materials on Fxmsp’s TTPs accessible to the general public.

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat Intelligence
Threat Intelligence
Fraud Protection
Fraud Protection
Managed XDR
Managed XDR
Digital Risk Protection
Digital Risk Protection

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

OldGremlin Ransomware: Never Ever Feed Them after The Locknight
Threat Research
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
The case of OldGremlin illustrates how the ransomware industry has evolved in recent years....
Learn moreDownload report
Ransomware Uncovered 2021/2022
Threat Research
Ransomware Uncovered 2021/2022
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators...
Learn moreDownload report
RedCurl: The Awakening
Threat Research
RedCurl: The Awakening
Commercial cyber espionage remains a rare and largely unique phenomenon. We cannot rule out,...
Learn moreDownload report