{ "id": "7cedf779-9ed4-46e1-9590-aa6b4f76722f", "created_at": "2026-04-06T00:22:10.089909Z", "updated_at": "2026-04-10T13:12:56.357574Z", "deleted_at": null, "sha1_hash": "8fa03c75a70dfa0b4e1797f5552ac24b664c7fe4", "title": "Feds indict ‘fxmsp’ in connection with million-dollar hacking operation", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 38202, "plain_text": "Feds indict ‘fxmsp’ in connection with million-dollar hacking\r\noperation\r\nBy Jeff Stone\r\nPublished: 2020-07-07 · Archived: 2026-04-05 16:06:00 UTC\r\nThe U.S. Department of Justice has charged a man with hacking-related crimes as part of an investigation into a\r\ngroup of foreign scammers accused of targeting more than 300 organizations throughout the world.\r\nProsecutors in the Western District of Washington charged Andrey Turchin, who resides in Kazakhstan, with five\r\nfelony counts in connection with a year-long fraud effort. Last known to be in Kazakhstan, Turchin allegedly sold\r\nremote access hacking tools on cybercriminal forums, typically charging tens of thousands of dollars for access to\r\ndata that would cost victims tens of millions of dollars.\r\nTurchin went by a series of aliases, including “fxmsp,” according to the Justice Department. He was initially\r\ncharged in December 2018, though the indictment was kept under seal until Tuesday, one month after security\r\nvendor Group-IB released its own research documenting the work of a hacker known by the “fxmsp” alias.\r\n“U.S. authorities have reason to believe that Turchin is aware of the existence of pending criminal charges in the\r\nUnited States,” the indictment states without elaboration.\r\nBetween October 2017 and December 2018, the indictment says, Turchin and his gang used hacking techniques\r\n— including phishing emails, malicious software, and brute-force password guessing— to access protected\r\ncomputers and steal data. Victims included a financial company in New York, a hotel chain with locations in\r\nWashington, an olive oil manufacturing company in California and dozens of others, according to court\r\ndocuments.\r\nThe group then would sell that stolen information on forums including Exploit.in, Omerta, Club2Card,\r\nBlackhacker and others.\r\n“Following a sale, the conspirators typically provided the buyer with ongoing technical assistance with respect to\r\npurchased network access for a negotiated period of time,” the indictment says.\r\nA separate Group-IB report detailing fxmsp’s known activities suggests the operation earned $1.5 million, though\r\nthe company suggested the figures could be much higher. Fxsmp appeared on cybercriminal scene in September\r\n2016, researchers noted, by asking other users about their experience with various strains of malware, and\r\naccidentally exposing his contact information.\r\nBy 2017, Group-IB went on, Fxmsp had advertised access to information stolen from a bank in Nigeria, and had\r\npublicly discussed launching attacks against IBM and Microsoft. The number of victims had reached 18 in early\r\n2018, researchers found, and Fxmsp had begun working with other forum users with names like Lampeduza, who\r\nis named in the indictment, to sell access to dozens of companies.\r\nhttps://www.cyberscoop.com/fxmsp-andrey-turchin-indictment-fraud-stolen-data/\r\nPage 1 of 2\n\n“Fxmsp is one of the most prolific sellers of access to corporate networks in the history of [the] Russian-speaking\r\ncybercriminal underground who publicly advertised the access to 135 companies[,]” Group-IB chief technology\r\nofficer Dmitry Volkv said in the report.\r\nOften, when the U.S. Justice Department unseals an indictment against alleged hackers outside American\r\njurisdiction, it’s an implicit acknowledgment that the suspect will be apprehended soon. John Demers, assistant\r\nattorney general for national security, told CyberScoop in February that, if prosecutors believe an arrest is likely to\r\noccur “within a reasonable time frame,” the government will keep charges sealed.\r\nSeamus Hughes, the deputy director of the Program on Extremism at George Washington University and a\r\nspecialist on court filings, first noticed the court documents had been made public.\r\nThe indictment is available in full below.\r\n[documentcloud url=”http://www.documentcloud.org/documents/6982480-Andrey-Turchin.html”\r\nresponsive=true]\r\nSource: https://www.cyberscoop.com/fxmsp-andrey-turchin-indictment-fraud-stolen-data/\r\nhttps://www.cyberscoop.com/fxmsp-andrey-turchin-indictment-fraud-stolen-data/\r\nPage 2 of 2", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "origins": [ "web" ], "references": [ "https://www.cyberscoop.com/fxmsp-andrey-turchin-indictment-fraud-stolen-data/" ], "report_names": [ "fxmsp-andrey-turchin-indictment-fraud-stolen-data" ], "threat_actors": [ { "id": "ab5dc2a3-16dc-421e-af45-d60c8b4aafac", "created_at": "2023-01-06T13:46:39.012588Z", "updated_at": "2026-04-10T02:00:03.180595Z", "deleted_at": null, "main_name": "Fxmsp", "aliases": [], "source_name": "MISPGALAXY:Fxmsp", "tools": [], "source_id": "MISPGALAXY", "reports": null }, { "id": "312b7781-5501-4c1e-a9d5-9b75e9ad8455", "created_at": "2022-10-25T16:07:24.488292Z", "updated_at": "2026-04-10T02:00:05.006738Z", "deleted_at": null, "main_name": "Fxmsp", "aliases": [ "ATK 134", "TAG-CR17" ], "source_name": "ETDA:Fxmsp", "tools": [ "RDP", "Remote Desktop Protocol" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775434930, "ts_updated_at": 1775826776, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/8fa03c75a70dfa0b4e1797f5552ac24b664c7fe4.pdf", "text": "https://archive.orkl.eu/8fa03c75a70dfa0b4e1797f5552ac24b664c7fe4.txt", "img": "https://archive.orkl.eu/8fa03c75a70dfa0b4e1797f5552ac24b664c7fe4.jpg" } }