Kaspersky uncovers online black market with 70,000 hacked servers for sale

A dollar can go a long way — particularly for the cybercriminals who frequent the online black market xDedic, where a paltry $6 can afford full administrative access to a compromised European Union government server.

The revelation comes from an investigation by the cybersecurity firm Kaspersky Lab, which concluded that cybercriminals are currently using the forum to sell access to a striking 70,624 hacked servers across 173 countries — often unbeknownst to the servers’ legitimate owners.

“The ultimate victims are not just the consumers or organizations targeted in an attack, but also the unsuspecting owners of the servers: they are likely to be completely unaware that their servers are being hijacked again and again for different attacks, all conducted right under their nose,” said Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky.

Among the targeted organizations are governments, universities, financial institutions and retailers. A one-time fee provides full access to all of the server’s data and gives cybercriminals free reign of the system, allowing them to install malware that can harvest sensitive information or convert the server into a platform for a wide-scale cyber attack. Once a campaign is complete, hackers frequently post the server for sale again, beginning the cycle anew. 


First appearing in 2014, xDedic appears to have escalated in popularity since mid-2015, leaping from 55,000 compromised servers listed in March 2016 to the current 70,624 in a span of only months. There are currently only 416 sellers active on the forum, suggesting that a relatively small group of dedicated hackers is responsible for the majority of attacks. 

Ten countries account for nearly 50 percent of the compromised servers, with Brazil, China, Russia, India and Spain containing 32 percent of the 70,624 alone. Although xDedic’s founders appear to be Russian-speaking, they claim to have no association with vendors, asserting that they are only hosting a market.

“xDedic is further confirmation that cybercrime-as-a-service is expanding through the addition of commercial ecosystems and trading platforms,” said Raiu. “Its existence makes it easier than ever for everyone, from low-skilled malicious attackers to nation-state backed APTs to engage in potentially devastating attacks in a way that is cheap, fast and effective.”

Latest Podcasts