Mystery hacker sold Windows zero-day vulnerabilities to APT organizations
Kaspersky Lab researchers say that in the past three years, a mysterious hacker has been selling Windows zero-day vulnerabilities to at least three cyber espionage organizations and cybercriminal groups. Some government-backed cyber espionage organizations, known as APT organizations, regularly purchase zero-day vulnerabilities from third parties in addition to developing internal tools. It is believed that APT organizations often use zero-day vulnerabilities developed by third-party companies, which are typically monitoring software vendors. Kaspersky’s recent disclosures indicate that APT organizations may, in some cases, be involved in underground hacking and gain access to vulnerabilities developed by independent hackers for cybercrime organizations.
According to experts at Kaspersky Lab, Volodya hacker is one of the most promising suppliers of zero-day vulnerabilities. This hacker is also known as BuggiCorp. After the cybercrime forum publicly sold a Windows zero-day vulnerability, the hacker made headlines on major technology news sites. At the time, the ad was shocking because it was rare to see hackers selling Windows zero-day vulnerabilities in an open forum, most of which were privately traded. BuggiCorp lowered the asking price several times, from $95,000 to $85,000, eventually selling the zero-day vulnerabilities to a cybercrime group.
Kaspersky experts said that Kaspersky has been tracking Volodya since 2015. Volodya is a prolific developer and a zero-day vulnerability seller. It is observed that he is likely to be Ukrainian. Volodya appears to be the discoverer of the CVE-2019-0859 vulnerability, a vulnerability used by cybercrime groups for financial theft. Another vulnerability he discovered was CVE-2016-7255, which was used by the famous Russian APT organization Fancy Bear (also known as APT28, Pawn Storm, Sednit, Sofacy or Strontium).