An American court has unsealed the criminal charges against a prolific hacker known as fxmsp, finally revealing the identity of the “invisible god of networks.” In an announcement posted by the Western District of Washington’s US Attorney’s Office, authorities have identified fxmsp as a 37-year-old Kazakhstan citizen named Andrey Turchin. The five felony charges against Turchin date back to December 2018, but they remained sealed until this revelation, which follows a report published by security vendor Group-IB about the extent of fxmsp’s illicit activities.
According to authorities, Turchin and his accomplices targeted hundreds of corporate networks in more than 40 countries between October 2017 and December 2018. They allegedly established backdoors to corporate networks and then sold them in cybercrime forums for thousands to hundreds of thousands of dollars. According to the unsealed documents, the group started by scanning for open Remote Desktop Protocol (RDP) ports and then brute-forced its way into networks. It then stole administrative credentials and modified antivirus software settings to make sure its malware remained undetected.
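For defenders, the sequence described above (an RDP brute-force burst, a successful logon, then antivirus tampering) can be correlated in Windows event logs. The following is an added example, not taken from the court documents or Group-IB's report; it assumes events already parsed into dictionaries with hypothetical field names, uses Microsoft Defender's event 5001 as a stand-in for "antivirus software settings", and uses illustrative thresholds.

```python
from datetime import datetime, timedelta

# Real Windows event IDs: 4625 = failed logon, 4624 = successful logon (Security log);
# 5001 = Microsoft Defender real-time protection disabled (Defender Operational log).
FAILED, SUCCESS, AV_OFF = 4625, 4624, 5001
RDP_LOGON_TYPES = {3, 10}   # 10 = RemoteInteractive; 3 = Network (RDP with NLA)

def find_rdp_intrusions(events, min_failures=5, burst=timedelta(minutes=10),
                        follow_up=timedelta(hours=1)):
    """Flag hosts where an RDP brute-force burst from one source ends in a
    successful logon; note whether antivirus was disabled soon afterwards."""
    events = sorted(events, key=lambda e: e["time"])
    failures = {}   # (host, src_ip) -> timestamps of recent failed logons
    alerts = []
    for ev in events:
        if ev["id"] not in (FAILED, SUCCESS) or ev.get("logon_type") not in RDP_LOGON_TYPES:
            continue
        key = (ev["host"], ev["src_ip"])
        recent = [t for t in failures.get(key, []) if ev["time"] - t <= burst]
        if ev["id"] == FAILED:
            failures[key] = recent + [ev["time"]]
        elif len(recent) >= min_failures:
            av_off = any(e["id"] == AV_OFF and e["host"] == ev["host"]
                         and timedelta(0) <= e["time"] - ev["time"] <= follow_up
                         for e in events)
            alerts.append({"host": ev["host"], "src_ip": ev["src_ip"], "user": ev["user"],
                           "failures": len(recent), "av_disabled": av_off})
            failures[key] = []   # one alert per burst
    return alerts

def sample_events():
    """Constructed sample data (documentation IP ranges, made-up host names)."""
    t0 = datetime(2024, 1, 1, 3, 0, 0)
    def logon(eid, sec, host, ip, user):
        return {"id": eid, "time": t0 + timedelta(seconds=sec), "host": host,
                "src_ip": ip, "user": user, "logon_type": 10}
    evs = [logon(FAILED, 5 * i, "srv-01", "203.0.113.7", "administrator") for i in range(8)]
    evs.append(logon(SUCCESS, 60, "srv-01", "203.0.113.7", "administrator"))
    evs.append({"id": AV_OFF, "time": t0 + timedelta(minutes=9), "host": "srv-01"})
    # Benign: one mistyped password, then a normal logon on another host.
    evs.append(logon(FAILED, 100, "srv-02", "198.51.100.20", "alice"))
    evs.append(logon(SUCCESS, 130, "srv-02", "198.51.100.20", "alice"))
    return evs

if __name__ == "__main__":
    for alert in find_rdp_intrusions(sample_events()):
        print(alert)
```

An alert with `av_disabled` set is the higher-priority case, since it matches all three stages rather than only a guessed password.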
Group-IB’s report says fxmsp and his group sold network access to hotel chains, banks and other financial firms, making at least $1.5 million from their operation. As a result of their activities, their victims reportedly lost tens of millions of dollars to malware and network damage. They’ve been inactive since last year after fxmsp made headlines for advertising access to data from popular cybersecurity firms McAfee, Trend Micro and Symantec. However, at least one cybersecurity firm believes they’re still operating under different names.
Turchin has been charged with conspiracy to commit computer hacking, two counts of computer fraud and abuse, conspiracy to commit wire fraud, and access device fraud. Law enforcement officials say he’s likely aware of the charges and that extradition to the US is unlikely, because Kazakhstan does not extradite its nationals.