
Hacking The Hackers—How 18,000 Cybercrime Wannabes Fell Victim

There is no shortage of hacking stories right now, from how the speed of hacking is getting ever faster, to the use of malicious AI chatbots to speed things along even more. However, one report has caught my eye as it shows how hackers are attacking each other, especially when it comes to the more skilled of the malicious breed and their script kiddie wannabe opposites.

A CloudSEK threat intelligence report, No Honour Among Thieves, has revealed in glorious technical detail how a trojanized version of a malware builder has been used to exploit script kiddies, novice hackers without the skill or desire to build their own exploits. The malicious malware, if that’s a phrase that makes sense, was distributed through GitHub, Telegram and file-sharing platforms to compromise more than 18,000 devices across the world. “This malicious tool exfiltrates sensitive data, employs advanced virtualization and registry techniques,” Vikas Kundu, a threat intelligence researcher at CloudSEK and author of the report, said, “and operates via Telegram-based command-and-control servers.”

Kundu goes on to explain that the malware is explicitly aimed at so-called script kiddies, using tools that are pitched at these novice hackers and wannabes who “use tools mentioned in various tutorials, thus showing that there is no honor among thieves.”

Hacking Back, Or Something More Insidious?

Although hacking back, the act of attacking the people who have hacked you or your organization, is a thing, it’s an illegal thing and, as such, should not be encouraged. Not that there is any evidence to suggest it works; the contrary would seem more likely, truth be told. Angering the hackers is akin to stirring up the wasp’s nest, asking for retaliation, and escalating attack frequency and sophistication. That said, the FBI recently proactively hacked into thousands of computers to remove malware, but I digress. So, is that what was happening here? I’d suggest not, as the targeting is so broad and specifically going after users of malware exploit kit builders, rather than any particular hacker or organization. Of course, it could be a case of a criminal hacker proactively taking down perceived less capable competition, or another motive altogether.
