xDedic, the underground market offering access to thousands of hacked government, business, and university servers, was exposed earlier this year and has now resurfaced, this time with a new onion address (xdedicvhnguh5s6k.onion.top).
The market, revealed in a June 2016 Kaspersky Lab report, is in the business of selling access to around 70,000 compromised web servers from over 150 countries around the world. Shortly after the website was brought to light, its owners and administrators shut it down.
Digital Shadows, a cybersecurity firm based in the UK, reports that the market has resurfaced on Tor but is now charging a $50.00 fee for entry. According to its report, researchers found a post on a Russian-language forum about the market's resurfacing on June 24th. The post was made by someone with an established history on the forum, and even included a link to the market.
“The new xDedic site was found to be identical in design to the previous site and although discussion in the thread indicated that accounts on the previous site had not been transferred to the new site, accounts could be freely registered,” Digital Shadows commented.
“However, following registration, accounts had to be credited with $50 in order to activate them. Searches indicated that the new xDedic domain had also been shared on a French language dark web criminal site, but with the exception of Tor domain aggregation lists could not be located elsewhere. This development has likely corroborated this assessment,” Digital Shadows added.
Digital Shadows was unable to analyze traffic to the domain because it is hosted on Tor. The firm commented, “It is assessed as a realistic possibility that at the time of writing, awareness that the site had returned was relatively low. However, as the previous site was attracting 30,000 users a month at the time it closed down, it is assessed as likely that awareness and use of the new site will increase in the immediate to midterm future.”
Kaspersky has not been silent, though. In response to the news from Digital Shadows, Kaspersky commented, “We are aware of reports of the return of xDedic and are monitoring the situation. We have a policy to share the findings of cybercriminal research with the relevant law enforcement agencies, and we have already done so in the case of xDedic.”
Kaspersky said in its initial findings that each purchase on xDedic came bundled with software that could be used to help launch DDoS attacks, orchestrate spam campaigns, and exploit point-of-sale (POS) retail systems.
“From government networks to corporations, from web servers to databases, xDedic provided a marketplace for buyers to find anything. The best thing about it, it’s cheap. Purchasing access to a server located in a European Union country government network can cost as little as $6. The one-time cost gives a malicious buyer access to launch further attacks. It is a hacker’s dream, simplifying access to victims, making it cheaper and faster, and opening up new possibilities for both cybercriminals and advanced threat actors,” Kaspersky said in a blog post.