Fxmsp: “The invisible god of networks”
Take a deep dive into the history of Fxmsp — one of the most notorious and prolific sellers of access to corporate networks on underground forums. In 2018, a user of one of the underground forums shared a post which promoted the services of breaking into corporate networks and selling access to them and read «You will become the invisible god of networks...» This user was Lampeduza, who turned out to be Fxmsp’s sales manager.
The report shows how Fxmsp’s cybercriminal career evolved from a newbie hacker to one of the major players of the Russian-speaking underground. Group-IB’s team uncovered Fxmsp’s TTPs and established his presumed identity.

where Fxmsp struck
were hit, 8.9% of which were state-owned. Light industry, IT, and Retail were the most common targets
Estimated earnings of the threat actor based on his public lots
Active on underground forums
Download the report to learn
Follow the hacker from his first posts requesting for technical help and first victims to him earning the nickname «invisible god» in compromised networks.
Learn how he gained access to networks and what was unique about his attacks; how he prepared for and accomplished network persistence, and compromised back up servers; and how to protect your business from similar attacks.
Follow the steps Group-IB Threat Intelligence & Attribution experts took to unmask the hacker. See how top-tier technology and analytical tools helped find out who was hiding behind the famous nickname.
At the time of writing, Fxmsp is no longer publicly active. It remains uncertain, however, whether he is still breaking into company networks and selling access to them. Given the risk, Group-IB Threat Intelligence & Attribution experts decided to release this report, share its expanded version with international law enforcement agencies, and make our materials on Fxmsp’s TTPs accessible to the general public.
Download "Fxmsp: The invisible god of networks"

Group-IB research on targeted attack groups

Hi-Tech Crime Trends 2020/2021

UltraRank: the unexpected twist of a JS-sniffer triple threat

RedCurl: The pentest
you didn’t know about

Online Piracy Research:
Jolly Roger’s patrons
of online pirates in developing countries.

Hi-Tech Crime Trends 2019/20

Attacks by Silence

Hi-Tech Crime Trends 2018

Crime without punishment: in-depth analysis of JS-sniffers

2018 Cryptocurrency Exchanges

Cobalt: their evolution and joint operations

Hi-Tech Crime Trends 2017

Lazarus Arisen: Architecture, Techniques and Attribution

Hi-Tech Crime Trends 2016

MoneyTaker

Buhtrap

Analysis of attacks against trading and bank card system

Anunak: APT against financial institutions

Hi-Tech Crime Trends 2020/2021

UltraRank: the unexpected twist of a JS-sniffer triple threat

RedCurl: The pentest
you didn’t know about

Online Piracy Research:
Jolly Roger’s patrons
of online pirates in developing countries.

Hi-Tech Crime Trends 2019/20

Attacks by Silence

Hi-Tech Crime Trends 2018

Crime without punishment: in-depth analysis of JS-sniffers

2018 Cryptocurrency Exchanges

Cobalt: their evolution and joint operations

Hi-Tech Crime Trends 2017

Lazarus Arisen: Architecture, Techniques and Attribution

Hi-Tech Crime Trends 2016

MoneyTaker

Buhtrap

Analysis of attacks against trading and bank card system

Anunak: APT against financial institutions
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Intelligence
Аctionable, finished intelligence to track actors and prevent attacks before they happen
Comprehensive solution to protect corporate network, hunt for threats and respond to even the most complex cyber attacks
Client-side fraud and attack prevention system for online banking, working across sessions, platforms and devices
Protection from bots, fraud and data leakage for e‑commerce and web portals