From securityweek.com
A threat actor infected their own computer with an information stealer, which has allowed Israeli threat intelligence company Hudson Rock to uncover their real identity.
Using the online moniker ‘La_Citrix’, the threat actor has been active on Russian speaking cybercrime forums since 2020, offering access to hacked companies and info-stealer logs from active infections.
La_Citrix, Hudson Rock says, has been observed hacking into organizations and compromising Citrix, VPN, and RDP servers to sell illicit access to them.
The hacker, the cybersecurity firm says, was careless enough to infect their own computer with an information stealer and to sell access to the machine without noticing.
This allowed Hudson Rock to explore the cybercriminal’s computer, which had been used to perpetrate intrusions at hundreds of companies. The computer contained employee credentials at almost 300 organizations, and the browser stored corporate credentials used to perform hacks.