Researchers have discovered an online store where criminals sell access to hacked servers
Server admin credentials were being trafficked on the SSH–Zone site and could be used to distribute malware or run botnet command-and-control servers.
The online shop sold admin information for Plesk and OpenSSH running on hacked Linux servers and amassed credentials using an automated cracking method, AlienVault researcher Alberto Ortega reported.
Researchers believe that Russian attackers were behind the operation due to the written language in the site.
A report by 41st Parameter said stolen credentials were often “packaged in a standardised format” and later used to further extract information from victims through spear phishing campaigns.
