A report by ZDNet has revealed that a mysterious hacker has been selling Windows zero-day exploits to the world’s most notorious cybercrime groups for the past three years. At least three cyber-espionage groups, also known as Advanced Persistent Threats (APTs), are regular customers of this hacker.
According to experts from Kaspersky Lab, the hacker going by the pseudonym “Volodya” is a recognized name in the hacking world as he previously sold a zero-day vulnerability to a cyber-crime group on the disreputable Exploit.in cyber-crime forum.
At that time he was operating under the codename “BuggiCorp” and shocked the world by posting an advertisement for a zero-day vulnerability on a public forum.
Costin Raiu, Director of the Global Research and Analysis Team (GReAT) at Kaspersky Lab, told ZDNet that they have been tracking Volodya since 2015.
“Our observations indicate Volodya (short for ‘Volodimir’) is fluent in Russian, although likely of Ukrainian origin. Volodimir is also not a Russian name, but Ukrainian,” says Raiu.
The APT groups purchasing these flaws include infamous names like Fancy Bear, which is a Russian cyber-espionage group.
Volodya is also behind the recent CVE-2019-0859, which is a zero-day exploit in the Microsoft Windows operating system. The exploit was reported by Kaspersky and has now been patched. It is one of the many zero-day vulnerabilities that have been linked to Volodya.
ZDNet also reports that Volodya sold some zero-day flaws for as much as $200,000. Researchers are also not ruling out the possibility that Volodya has his own team of hackers who have been helping him sell Windows zero-day hacks for the past three years.
The report is enough to prove that cyber-espionage groups are spending hefty sums to get hold of zero-day hacks from notorious hackers.