Hudson Rock is an Israeli cybercrime intelligence company. We specialize in sourcing compromised credentials from threat actors, which we then put to use in “Cavalier”, a threat-intelligence monitoring and notification product for cybersecurity professionals that alerts them to compromised credentials of employees, partners and users.
The threat actor “La_Citrix” is known for hacking companies and selling access to their Citrix, VPN and RDP servers, and for selling info-stealer logs from computer infections he controls. He has operated mainly on Russian-speaking cybercrime forums from 2020 to the present.
As it turns out, while infecting computers, La_Citrix accidentally infected his own machine, and likely ended up selling its log without noticing.
We identified La_Citrix while reviewing other hackers who were infected by info-stealers and whose logs contained credentials for prominent cybercrime forums.
This led us to investigate La_Citrix’s computer further:
It is not uncommon for hackers to be infected by info-stealers, just as employees of highly technical companies often are. For example, raidforums.com, a prominent cybercrime forum that was shut down by law enforcement, has over 7,000 compromised users in Hudson Rock’s database, many of them hackers.
When going over the data from La_Citrix’s computer, our researchers were surprised to see that Hudson Rock’s API classified this individual as an employee of almost 300 different companies. After seeing the credentials stored on the computer, they understood why:
The threat actor orchestrated all of the hacking incidents from his personal computer, and the browsers installed on it stored the corporate credentials used for the various hacks.
Interestingly, La_Citrix’s method of infiltrating companies relies on corporate credentials harvested from computers that were themselves infected by info-stealers. When we examined the corporate credentials La_Citrix had access to, we found that most of them were already in Hudson Rock’s database.
Data recovered from La_Citrix’s computer reveals the hacker’s real identity, address, phone number and other incriminating details; the “Installed Software” list, for example, shows “qTox”, a messenger popular with ransomware groups.
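The two observations above (that the saved browser credentials on one machine reveal which organisations its owner can log into, and that the installed-software list carries its own signal) are the kind of triage an analyst runs over a stealer log. The following is an added example written for this page; it is not Hudson Rock’s code or API, and the log layout (“URL / USERNAME / PASSWORD” records separated by “====” lines, plus a plain-text software list) is an assumption modelled on the common format many stealer families write. Every host, account and password in the sample is constructed, using reserved example domains.

```python
"""Triage of a constructed info-stealer log (added example, not Hudson Rock code).

Shows how one machine's saved logins map to a set of organisations, which
remote-access portals (VPN/Citrix/RDP) they cover, where one password is reused
across several organisations, and which installed software is worth noting.
"""
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample of a stealer "passwords" file. Every value is made up.
SAMPLE_PASSWORDS = """\
URL: https://vpn.example.com/remote/login
USERNAME: j.doe@example.com
PASSWORD: Winter2023!
===============
URL: https://citrix.example.org/Citrix/StoreWeb/
USERNAME: example\\jdoe
PASSWORD: Winter2023!
===============
URL: https://mail.google.com/
USERNAME: jdoe1987@gmail.com
PASSWORD: hunter2
===============
URL: https://rdp-gw.example.net/RDWeb/
USERNAME: jdoe
PASSWORD: Winter2023!
===============
URL: https://portal.example.com/
USERNAME: j.doe@example.com
PASSWORD: Winter2023!
"""

# Constructed sample of an "Installed Software" list.
SAMPLE_SOFTWARE = """\
Google Chrome (118.0.5993.89)
qTox (1.17.6)
7-Zip 23.01 (x64)
"""

# Free webmail / consumer services: a login there says nothing about an employer.
CONSUMER_DOMAINS = {"gmail.com", "google.com", "yahoo.com", "outlook.com",
                    "hotmail.com", "live.com", "protonmail.com", "proton.me"}

# Substrings in the first hostname label that suggest a remote-access service.
REMOTE_ACCESS_HINTS = ("vpn", "citrix", "rdp", "rdweb", "remote")

# Software the post calls out as incriminating context; extend as needed.
SOFTWARE_OF_INTEREST = ("qtox",)


def parse_credentials(text):
    """Parse 'KEY: value' records separated by lines of '=' into dicts."""
    records, current = [], {}
    for line in text.splitlines():
        line = line.strip()
        if not line or set(line) == {"="}:
            if current:
                records.append(current)
                current = {}
            continue
        key, _, value = line.partition(":")   # split on the first colon only
        current[key.strip().lower()] = value.strip()
    if current:
        records.append(current)
    return records


def registrable_domain(host):
    """Crude eTLD+1 (last two labels). Assumption: fine for the sample, but a
    real pipeline must use the Public Suffix List (co.uk, com.au, ...)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def _host(rec):
    return (urlsplit(rec.get("url", "")).hostname or "").lower()


def corporate_affiliations(records):
    """{domain: saved_login_count} excluding consumer services. Each domain is
    one organisation the machine's owner can log into, which is how a single
    infected PC can look like an 'employee' of many companies at once."""
    counts = Counter()
    for rec in records:
        host = _host(rec)
        if host and registrable_domain(host) not in CONSUMER_DOMAINS:
            counts[registrable_domain(host)] += 1
    return dict(counts)


def remote_access_logins(records):
    """(domain, url) pairs whose first hostname label hints at VPN/Citrix/RDP."""
    hits = []
    for rec in records:
        host = _host(rec)
        if host and any(h in host.split(".")[0] for h in REMOTE_ACCESS_HINTS):
            hits.append((registrable_domain(host), rec["url"]))
    return hits


def reused_passwords(records):
    """Passwords used at more than one organisation, mapped to those domains.
    Reuse across corporate portals is what turns one log into several intrusions."""
    by_password = {}
    for rec in records:
        pw, host = rec.get("password"), _host(rec)
        if pw and host:
            by_password.setdefault(pw, set()).add(registrable_domain(host))
    return {pw: sorted(d) for pw, d in by_password.items() if len(d) > 1}


def flagged_software(text):
    """Installed-software lines matching SOFTWARE_OF_INTEREST (case-insensitive)."""
    return [line for line in text.splitlines()
            if any(s in line.lower() for s in SOFTWARE_OF_INTEREST)]


if __name__ == "__main__":
    creds = parse_credentials(SAMPLE_PASSWORDS)
    print("affiliations:", corporate_affiliations(creds))
    print("remote access:", remote_access_logins(creds))
    print("password reuse:", reused_passwords(creds))
    print("software:", flagged_software(SAMPLE_SOFTWARE))
```

On the sample, the three reserved example domains appear as three “employers”, three of the five logins are remote-access portals, and one password is shared across all three organisations. The consumer-domain list and the two-label domain heuristic are deliberately simple; in practice both the webmail list and the public-suffix handling need to be far more complete before counts like “almost 300 companies” mean anything.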
This is not the first time we have identified hackers who were themselves compromised by info-stealers, and we expect to see more as info-stealer infections continue to grow rapidly.
Hudson Rock will forward the data to relevant law enforcement agencies.
To learn more about how Hudson Rock protects companies from imminent intrusions caused by info-stealer infections of employees, partners, and users, as well as how we enrich existing cybersecurity solutions with our cybercrime intelligence API, please schedule a call with us, here: https://www.hudsonrock.com/schedule-demo
We also provide access to various free cybercrime intelligence tools that you can find here: www.hudsonrock.com/free-tools
Thanks for reading, Rock Hudson Rock!
Follow us on LinkedIn: https://www.linkedin.com/company/hudson-rock
Follow us on Twitter: https://www.twitter.com/RockHudsonRock