
Dark Web M&A Deals

A prominent hacker group gets acquisitive. And it spells trouble.

Dark Web M&A

Yes, cybercriminals are now in the mergers & acquisitions game.

Flush with cash, the notorious REvil team (aka Sodinokibi) expanded its reach with a recent acquisition at a Dark Web auction.

The REvil gang makes more than $100 million from ransom demands each year, according to UNKN (yes, that's a real Dark Web handle).

UNKN, the public face of the REvil gang, made the purchase. For those unfamiliar, Dark Web operators work under "handles" or online personas. In this case, UNKN is actually well known to be affiliated with the REvil team.

The asset purchased includes the source code of a "trojan" form of malware. The KPOT trojan disguises itself upon entry into a victim network and then extracts passwords once inside. It has very broad capabilities in credential theft, including "web browsers, instant messengers, email clients, VPNs, RDP services, FTP apps, cryptocurrency wallets, and gaming software."

KPOT is a classic "information stealer" that can extract and steal passwords from various apps on infected computers.

Security experts believe the REvil team purchased the code to add it to its existing Ransomware-as-a-service (RaaS) offering and expand on KPOT's stealing capabilities.

Yes, you should be alarmed that there's a known acronym for this. REvil (and others) operate RaaS platforms on the Dark Web where anyone can hop on and pay the license fee for access. It's then on the hacker to distribute the licensed malware as desired.

This all means that the already-successful REvil Ransomware attacks will pack a meatier punch for infected victims.

If you're wondering how they find these hackers to distribute their malware, look no further than NetWalker Group's recruiting initiative.

This "business" has become wildly profitable for cybercriminals, and they will keep expanding.

The good news is that these hackers can be stopped!

The first step is training your team to avoid the initial Phishing emails, the ones that these cybercrime organizations are sending every single day.

Are you ready to take action?
We make it easy to protect your team from attacks just like this one. Find out how to protect your team with INFIMA's Automated Security Awareness platform.

Start with a quick quote - hit us up here! (No sales call necessary!)

Original article: https://www.zdnet.com/article/revil-ransomware-gang-acquires-kpot-malware/

Joel Cahill

Cybersecurity enthusiast. Entrepreneur.