xDedic Marketplace Infamous for Selling Access to Hacked Servers

1019
Safe Website Concept. Coding Safe Website. Programming and Coding Concept.
The xDedic marketplace now has over 85,000 hacked RDP servers listed for sale or purchase for an average price of $6.

After Kaspersky Labs ousted xDedic last summer for employing hacked servers for purchase or hire, many believed it was curtains for the marketplace.

The exposé was meant to steer traffic away from the xDedic marketplace for dealing with illegitimately obtained servers.

Your TOR usage is being watched

However, after just a few weeks offline, the marketplace was back doing what it apparently knows best: selling even more hacked servers for an average price of $6.

Kaspersky’s 25-page report revealed the initial number of hacked servers for sale or hire on xDedic marketplace to be around 70,000.

After rising from its ashes, it was confirmed that the marketplace now has over 85,000 servers listed for sale or hire.

The majority of the compromised servers suffer the same fatal flaw—they have open unsecured RDP (Remote Desktop Protocol) connections.

xDedic marketplace is believed to be run by a group of Russian-speaking hackers. It is a hackers’ haven, where user forums share information and hacking tools, such as sysinfo collectors and proxy installers.

Much of the support offered in the forums aims to enable buyers to patch RDP servers in order to facilitate multiple user logins.

How Cybercriminals Use RDP Servers

The servers listed for sale or hire on the xDedic marketplace seem to bear no other connection, save for the fact that they are all RDP servers.

Hackers can easily obtain access or “ownership” of servers from corporate or governmental institutions who have access to sensitive data and administrative privileges.

From this critical vantage point, hacking and ransomware attacks are often devastating and can cause irreparable damage to the institutions involved.

Read >>
Student Ordered Drugs On Agora Darknet Market, Caught

The RDP servers on xDedic feature marketplace tags, which are specifically put in place to show that they have not been blacklisted from any online resource.

These lists of public websites specifically focus on Point of Sale software, accounting and tax reporting.

Installed in the compromised RDP servers are features and software that enable mass email-sending, so these fraudulent hackers can carry out phishing attacks without drawing any suspicion.

In some cases, hackers can install additional software that allows them to fraudulently obtain money.

Exponential Growth

Kaspersky’s report on the xDedic marketplace should have put it out of business for good. However, it appears business is the best it’s ever been on xDedic, according to a team of cybersecurity experts at Flashpoint.

The group conducted a full analysis of xDedic data and found new numbers of listed servers on the marketplace, showing its exponential growth despite the mass exodus of most of its traffic to more secure locations on the dark web.

Flashpoint Director of Research Vitali Kremez believes that a well-known threat actor (who has repeatedly targeted healthcare institutions) leveraged that dataset for ransom in a few of their breaches.

Hacker in Black Gloves Hacking the System.
After Kaspersky Labs ousted xDedic last summer for employing hacked servers for purchase or hire, many believed it was curtains for the marketplace.

More than a few servers were secured with simple passwords, and they were forcefully hacked and used as leverage in ransomware incidents.

However, the analysis of the xDedic marketplace data showed that almost 75 percent of the compromised RDP servers were in educational institutions, the majority of which were located in Germany, Ukraine and the United States.

xDedic Marketplace Has Competition

xDedic marketplace is no longer the only service that avails servers for purchase or hire. Spammer, a service hosted on a Romanian domain, has popped up offering similar deals on a variety of hacked servers from different locations.

Read >>
Silk Road 3.0 Back From The Dead

Unlike the much more dedicated xDedic marketplace, experts deduce Spammer is single-hacker operation, due to factors like a significantly smaller inventory.

xDedic is also more of an open marketplace than Spammer is. Experts are now waiting to see whether Spammer shares the same limited lifespan with the xDedic market, despite its relative newness to the scene.

Write for us

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

2 COMMENTS

  1. salut,
    Dans ton article il y a une erreur à un certain endroit tu écris les Suédois qui sont les habitants de la Suède et non des Suisses qui eux sont suisses. A part ça svp les gens allés voté cette fois ça vaut la peine. LEGALIZE-IT.ch et bonne journée à tous

LEAVE A REPLY

Contact Information not allowed in the comments. Promotional text not allowed.

Please enter your comment!
Please enter your name here

Your comment will appear after few minutes if it is allowed by the moderator. Refresh the page to see it.