Hackers hack victims hacked by other hackers

Regular internet users and corporations are not the only victims of malicious hackers. Sometimes, the hackers themselves get hacked.

That is what happened in a different hacking campaign, where an unknown group of hackers targeted systems already compromised by a prolific cybercrime group known as TeamPCP. Once the hackers broke into those systems, they immediately kicked out TeamPCP hackers and removed their tools, according to a new report by cybersecurity firm SentinelOne.

From there, the hackers use their access to deploy code designed to replicate across different cloud infrastructure like a self-spreading worm, steal various types of credentials, and eventually direct the stolen information back to their infrastructure.

TeamPCP is a cybercriminal group that has gathered headlines in the past few weeks, thanks to a series of high-profile hacks attributed to the group. Those hacks have included a breach of the European Commission’s cloud infrastructure, and a broadscale cyberattack against widely used vulnerability scanner tool Trivy, which affected any company that relied on it, including LiteLLM and AI recruiting startup Mercor, among others.

Alex Delamotte, the SentinelOne senior researcher who found the new hacking campaign and dubbed it “PCPJack,” told TechCrunch that it’s not clear who is behind it. At this point, Delamotte said her three theories are that the hackers are either disgruntled ex-TeamPCP members; are part of a rival group; or a third party “who chose to directly model their attack tools on TeamPCP’s earlier campaigns,” many of which targeted cloud infrastructure.

“The services targeted by PCPJack strongly match the December-January TeamPCP campaigns, before the alleged change in group membership that happened in February-March,” said Delamotte.

Delamotte also noted that the hackers don’t just target systems compromised by TeamPCP, but they also scan the internet for exposed services such as the virtual container cloud platform Docker, databases running MongoDB, and others. But SentinelOne said the group appeared mostly focused on targeting TeamPCP.

According to the report, the hackers’ own tools keep a tally of the number of hacked targets where they successfully evicted TeamPCP by sending this information back to its infrastructure.

The goals of the PCPJack hackers appear to be purely financial, as they steal credentials with a focus on monetizing them. The hackers do this by reselling them, selling access to the hacked systems as so-called initial access brokers (hackers who break into systems and then let paying customers into the hacked machines), or by extorting the victims directly.

The hackers, however, do not try to install software to mine crypto on the hacked systems, likely because that strategy requires more time to reap rewards, according to Delamotte.

As part of some of their attacks, the hackers are using domains that suggest they are phishing for password manager credentials, and using fake help desk websites, according to Delamotte.
