Hackers hack victims hacked by other hackers

Regular internet users and companies are not the only victims of malicious hackers. Sometimes, the hackers themselves get hacked.

That’s what happened in an unusual hacking campaign, where an unknown group of hackers targeted systems already compromised by a prolific cybercrime group known as TeamPCP. Once the hackers broke into these systems, they immediately kicked out TeamPCP hackers and removed their tools, according to a new report by cybersecurity firm SentinelOne.

From there, the hackers use their access to deploy code designed to replicate across different cloud infrastructure like a self-spreading worm, steal various types of credentials, and finally send the stolen data back to their infrastructure.

TeamPCP is a cybercriminal group that has gathered headlines in the past few weeks, thanks to a series of high-profile hacks attributed to the group. These hacks have included a breach of the European Commission’s cloud infrastructure, and a broadscale cyberattack against the widely used vulnerability scanner tool Trivy, which affected any company that relied on it, including LiteLLM and AI recruiting startup Mercor, among others.


Alex Delamotte, the SentinelOne senior researcher who found the new hacking campaign and dubbed it “PCPJack,” told information.killnetswitch that it’s not clear who is behind it. At this point, Delamotte said her three theories are that the hackers are either disgruntled ex-TeamPCP members, are part of a rival group, or are a third party “who chose to directly model their attack tools on TeamPCP’s earlier campaigns,” many of which targeted cloud infrastructure.

“The services targeted by PCPJack strongly resemble the December-January TeamPCP campaigns, before the alleged change in group membership that occurred in February-March,” said Delamotte.

Delamotte also noted that the hackers don’t just target systems compromised by TeamPCP, but they also scan the internet for exposed services such as the virtual machine cloud platform Docker, databases running MongoDB, and others. But SentinelOne said the group appeared largely focused on targeting TeamPCP.

According to the report, the hackers’ own tools keep a tally of the number of hacked targets where they successfully evicted TeamPCP by sending this information back to its infrastructure.

The goals of the PCPJack hackers appear to be purely financial, as they steal credentials with a focus on monetizing them. The hackers do this by reselling them, selling access to the hacked systems as so-called initial access brokers (hackers who break into systems and then let paying customers into the hacked machines), or by extorting the victims directly.

The hackers, however, don’t try to install software to mine crypto on the hacked systems, likely because that strategy requires more time to reap rewards, according to Delamotte.

As part of some of their attacks, the hackers are using domains that suggest they are phishing for password manager credentials and using fake help desk websites, according to Delamotte.
