Gandalf_The_Grey
Nice side story: a hacker who has operated in Russian-language forums since 2020 mistakenly infected his computer with malware he used, selling information to security researchers at Hudson Rock. So Hudson Rock staff were able to identify the hacker called La_Citrix and hand the data to law enforcement.
According to Dark Reading, the hacker, using the alias La_Citrix, operated with credentials from corporate Citrix Remote Desktop Protocol (RDP) VPN servers, which he sold to the highest bidder on Russian-language dark web forums. The hacker used an infostealer to obtain the credentials, and his campaigns could be traced back to 2020.
Then La_Citrix accidentally infected his own computer with the malware. By doing so, he seems to have mistakenly sold his own data along with a collection of stolen data to security researchers from Hudson Rock. The latter tracked activity on the dark web to buy up such threat data.
Hudson Rock is an Israeli cybercrime intelligence company. The company specializes in locating compromised credentials of threat actors, which are then fed into "Cavalier." This is a threat intelligence monitoring and notification product for cybersecurity professionals that informs about compromised credentials of employees, partners and users.
Russian hacker infects himself through own infostealer
borncity.com