Watch Webinar Recording
  • June 16, 2020
  • Duration: 50 min
Fxmsp: The story of 1 hacker who sold access to networks

In October 2017, Group-IB’s Threat Intelligence & Attribution (TI) specialists detected the activity of the threat actor known as Fxmsp, who at the time was starting to sell access to various corporate networks belonging to different companies around the world. In just over three years, Fxmsp managed to penetrate networks in more than 44 countries and put access to 135 networks on sale on underground forums. Group-IB estimates that Fxmsp made at least $1.5 million while active.

Group-IB’s TI specialists tracked Fxmsp’s movements in the Russian-speaking underground from the moment he registered on the first forum in September 2016 to when he ceased all public activity in 2019.

In this webinar we will cover:

  • What tactics Fxmsp used to get access to corporate networks and persist in infected systems
  • The evolution of Fxmsp’s activity
  • The victim portfolio, including geographical scope and industries
  • How we were able to identify the potential face behind the Fxmsp mask

Contact us +65 3159–3798 or

Contact us +65 3159–3798 or


Dmitry Shestakov

Head of Cybercrime Research

Group-IB is one of the leading providers of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB Threat Intelligence & Attribution system was named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s 18 years of experience in cybercrime investigations worldwide and 70,000 hours of incident response accumulated in our leading forensic laboratory and 24/7 CERT-GIB.

Group-IB actively collaborates with international partners such as INTERPOL and Europol in the fight against cybercrime, and is an industry-leading cybersecurity solutions provider.

Learn more

Get new report
Ransomware Uncovered 2021/2022

The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators based on MITRE ATT&CK®

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Get new report Ransomware Uncovered 2021/2022