A Hacker Is Selling Windows Zero-Days To World's Most Dangerous Hacker Groups
The world's most prolific and dangerous hacker groups were reportedly supplied with Windows zero-day vulnerabilities by a mysterious lone hacker who goes by the pseudonym Volodya or BuggiCorp. The hacker has reportedly been selling Windows zero-days since 2016, when he first put up an advertisement in a fairly public forum.
Since the first ad, Volodya has gained a reputation for selling hacking tools and zero-days, according to Kaspersky Lab security researchers, ZDNet reported. The mysterious hacker reportedly demanded prices as high as $95,000 for zero-days in 2016. However, as his reputation grew, the hacker began charging more money. According to Costin Raiu, the Director of the Global Research and Analysis Team (GReAT) at Kaspersky, which is dedicated to hunting APTs, Volodya's reputation allowed him to demand prices as high as $200,000.
"Volodya is a prolific exploit developer and zero-day seller that we have been tracking since 2015," Raiu told ZDNet. "Volodya is short for 'Volodimir,' which is the nickname that appears in some of his work. Our observations indicate Volodya is fluent in Russian, although likely of Ukrainian origin. Volodimir is also not a Russian name, but Ukrainian."
The hacker reportedly sold Windows zero-days to Russia and Middle East-based hacker groups, including the now-infamous Fancy Bear, SandCat, and FruityArmor. The Fancy Bear APT group is considered to have been instrumental in conducting attacks against the US during the 2016 presidential election and has been active for several years.
SandCat is considered to be a relatively new player in the cyberespionage block. Meanwhile, FruityArmor, yet another established APT group, has previously targeted Middle Eastern and Asian entities. All three APT groups are suspected to be state-sponsored, indicating that such groups regularly purchase hacking tools from established cybercriminals.
According to Kaspersky researchers, Volodya developed a bug, titled CVE-2019-0859, which was recently abused by a hacker group. The flaw isn't the only one that Volodya has created and sold. Raiu told ZDNet that the hacker works alongside both APT groups as well as low-end cybercriminals, selling zero-days to all and sundry.
It is unclear whether Volodya's work is a one-man show or whether he has a dedicated team working to develop, market and sell vulnerabilities. However, Volodya's ability to charge prices as high as $200,000 indicates that there is a burgeoning market for the sale of such bugs.