In recent weeks, prominent cybercrime investigative journalist Brian Krebs published two stories on cybercriminal network access brokers. In both investigations, he used Constella Intelligence’s Hunter platform to track the digital footsteps left by these criminals.
Krebs’ first story focuses on “Babam,” a major seller of initial access credentials to ransomware groups over the past few years. Using Constella’s cyber intelligence platform, Hunter, in coordination with others, Krebs was able to track Babam, revealing email addresses, online account registrations, usernames, passwords, domains, and multiple data breaches.
His second story examines some of the clues left behind by “Wazawaka,” the hacker handle chosen by a major access broker in the Russian-speaking cybercrime scene. Again, Krebs used Hunter and leveraged Constella’s curated breach data collection, the largest on the planet, to track this network access broker. Wazawaka used multiple email addresses and nicknames on several Russian crime forums, but data collected using Constella’s platform show that Wazawaka’s alter egos always used one of three fairly unique passwords: 2k3x8x57, 2k3X8X57, and 00virtual.
Findings related to Babam and Wazawaka in these stories were acquired by performing research using Constella Hunter, a platform for investigating threat actors and unmasking attackers that helps users efficiently attribute identities and identify further intelligence across multiple data sources simultaneously. The tool is used by government and other public agencies, top financial services organizations, and many others.
Supporting Law Enforcement and Industry Leaders
Constella Intelligence is proud to partner with cybercrime investigative journalists and organizations fighting cybercrime such as the Anti-Human Trafficking Intelligence Initiative (ATII) and the UK’s Cyber Defence Alliance (CDA).
In addition to tracking notorious network access brokers providing initial access to cybercriminal gangs, Hunter was recently used at an ATII Dark Web Hackathon. Constella’s Hunter platform enabled participants to conduct targeted analysis to identify real-world identities behind critical threats by managing multi-source data, spotting connections, and identifying networks of activity. This program provided Constella the opportunity to work with industry leaders and law enforcement, creating a united front in the fight against human trafficking challenges on the dark web.
Constella’s work in the fight against cybercrime spans the globe. The UK’s CDA is a non-profit public-private partnership that works collectively and collaboratively across the financial sector and with law enforcement to proactively share information to fight cybercrimes and threats. It has a partnership with Constella to accelerate cybercrime investigations in the banking sector and make use of cybercrime-fighting tools that leverage and champion OSINT data for the purposes of cyber investigations and threat attribution. This partnership enables greater data sharing between key cyber intelligence stakeholders and streamlines the processes and technology used to escalate criminal activity to law enforcement to protect the banking sector.
Constella Intelligence is committed to working with law enforcement, industry leaders, and investigative journalists in the fight against cybercrime.
Hunter is a platform designed to make the fraud investigation process easier and quicker. It helps users stay ahead of threat actors and unmask attackers by efficiently attributing identities and identifying further intelligence across multiple data sources simultaneously, exposing the true identity of threat actors.
“With Hunter, we uncovered the real identity of a bad actor that led us to a criminal group selling credentials from our financial institution in a matter of hours, saving us +$100M from identifying fraudulent credit cards.” – Security Executive at a Top 5 Global Bank