Fxmsp: “The invisible god of networks”
Take a deep dive into the history of Fxmsp — one of the most notorious and prolific sellers of access to corporate networks on underground forums. In 2018, a user of one of the underground forums shared a post which promoted the services of breaking into corporate networks and selling access to them and read «You will become the invisible god of networks...» This user was Lampeduza, who turned out to be Fxmsp’s sales manager.
The report shows how Fxmsp’s cybercriminal career evolved from a newbie hacker to one of the major players of the Russian-speaking underground. Group-IB’s team uncovered Fxmsp’s TTPs and established his presumed identity.
Key Facts
44 Countries
where Fxmsp struck
135 Companies
were hit, 8.9% of which were state-owned. Light industry, IT, and Retail were the most common targets
$1,500,000+
Estimated earnings of the threat actor based on his public lots
3+ years
Active on underground forums
Download the report to learn
The evolution of Fxmsp
Follow the hacker from his first posts requesting for technical help and first victims to him earning the nickname «invisible god» in compromised networks.
Fxmsp’s tactics, technics, and procedures (TTPs)
Learn how he gained access to networks and what was unique about his attacks; how he prepared for and accomplished network persistence, and compromised back up servers; and how to protect your business from similar attacks.
Fxmsp’s presumed identity
Follow the steps Group-IB Threat Intelligence experts took to unmask the hacker. See how top-tier technology and analytical tools helped find out who was hiding behind the famous nickname.
quote from report
At the time of writing, Fxmsp is no longer publicly active. It remains uncertain, however, whether he is still breaking into company networks and selling access to them. Given the risk, Group-IB Threat Intelligence experts decided to release this report, share its expanded version with international law enforcement agencies, and make our materials on Fxmsp’s TTPs accessible to the general public.
Download "Fxmsp: The invisible god of networks"
Group-IB research on targeted attack groups
UltraRank: the unexpected twist of a JS-sniffer triple threat
New stage in JS-sniffers research. From analyzing malware families to identifying threat actors. For five years, the cybercriminal group UltraRank has conducted campaigns using JS-sniffers and managed to stay unnoticed for the most part.
RedCurl: The pentest
you didn’t know about
Research of the new espionage APT-group RedCurl and its elaborate attacks on enterprise companies in North America, Europe and CIS.
Online Piracy Research:
Jolly Roger’s patrons
Group-IB exposes financial crime network
of online pirates in developing countries.
of online pirates in developing countries.
Hi-Tech Crime Trends 2019/20
Strategic intelligence data on state-sponsored groups, industry-specific cyberthreats, targeted attacks on banks and banking clients.
Attacks by Silence
A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.
Hi-Tech Crime Trends 2018
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Crime without punishment: in-depth analysis of JS-sniffers
In-depth analysis and new types of a growing threat — JS‑sniffers — designed to steal payment data.
2018 Cryptocurrency Exchanges
Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.
Cobalt: their evolution and joint operations
Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
Hi-Tech Crime Trends 2017
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Lazarus Arisen: Architecture, Techniques and Attribution
Lazarus group targets the largest international banks as well as central banks in various countries.
Hi-Tech Crime Trends 2016
Learn about the evolution of cyber crime in 2016 and find out what predictions for 2017 came true. Spoiler: most of them did.
MoneyTaker
This hacker group is noticeable for 1.5 years of silent operations and multiple attacks. They still pose a threat: learn about MoneyTaker techniques and indicators of compromise now.
Buhtrap
From August 2015 to February 2016 Buhtrap managed to conduct 13 successful attacks against Russian banks for a total amount of 1.8 billion rubles ($25 mln.
Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel).
Anunak: APT against financial institutions
This research includes the findings of Group-IB and Fox‑IT on Anunak (Carbanak) group, which focused its activity on banks and electronic payment systems.
UltraRank: the unexpected twist of a JS-sniffer triple threat
New stage in JS-sniffers research. From analyzing malware families to identifying threat actors. For five years, the cybercriminal group UltraRank has conducted campaigns using JS-sniffers and managed to stay unnoticed for the most part.
RedCurl: The pentest
you didn’t know about
Research of the new espionage APT-group RedCurl and its elaborate attacks on enterprise companies in North America, Europe and CIS.
Online Piracy Research:
Jolly Roger’s patrons
Group-IB exposes financial crime network
of online pirates in developing countries.
of online pirates in developing countries.
Hi-Tech Crime Trends 2019/20
Strategic intelligence data on state-sponsored groups, industry-specific cyberthreats, targeted attacks on banks and banking clients.
Attacks by Silence
A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.
Hi-Tech Crime Trends 2018
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Crime without punishment: in-depth analysis of JS-sniffers
In-depth analysis and new types of a growing threat — JS‑sniffers — designed to steal payment data.
2018 Cryptocurrency Exchanges
Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.
Cobalt: their evolution and joint operations
Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
Hi-Tech Crime Trends 2017
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Lazarus Arisen: Architecture, Techniques and Attribution
Lazarus group targets the largest international banks as well as central banks in various countries.
Hi-Tech Crime Trends 2016
Learn about the evolution of cyber crime in 2016 and find out what predictions for 2017 came true. Spoiler: most of them did.
MoneyTaker
This hacker group is noticeable for 1.5 years of silent operations and multiple attacks. They still pose a threat: learn about MoneyTaker techniques and indicators of compromise now.
Buhtrap
From August 2015 to February 2016 Buhtrap managed to conduct 13 successful attacks against Russian banks for a total amount of 1.8 billion rubles ($25 mln.
Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel).
Anunak: APT against financial institutions
This research includes the findings of Group-IB and Fox‑IT on Anunak (Carbanak) group, which focused its activity on banks and electronic payment systems.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat
Intelligence
Intelligence
Аctionable, finished intelligence to track actors and prevent attacks before they happen
Threat Detection System
Comprehensive solution to protect corporate network, hunt for threats and respond to even the most complex cyber attacks
Secure Bank
Client-side fraud and attack prevention system for online banking, working across sessions, platforms and devices
Secure Portal
Protection from bots, fraud and data leakage for e‑commerce and web portals