A mysterious hacker alias Volodya or BuggiCorp is trying to sell zero-day vulnerabilities on Windows to the world’s most dangerous hacker groups.
Reportedly, since 2016, this hacker has been selling zero-day vulnerabilities through an advertisement on an online public forum, the highest price ever given was 95,000 USD. Since then, Volodya has been known to specialize in selling hacking tools and zero-day vulnerabilities.
When it became more known, this hacker also raised the price of the product, up to 200,000 USD.
Costin Raiu’s team, Director of Global Research and Analysis (GReAT) group hunting Advanced Persistent Threads (APTs) at Kaspersky, has been tracking Volodya since 2015. Raiu said, The GReAT documents show that Volodya may have origin in Ukraine, speak fluently Russian, and that his name is abbreviated from Volodimir – a nickname appearing in some of his “works”.
The target audience for this hacker are Russian and Middle Eastern hacker groups, including notorious groups suspected of being government-sponsored hacker groups such as SandCat, FruityArmor (which used to target targets in the Middle East and Asia) and the Fancy Bear (the group that is said to have participated in many attacks on the US in the 2016 election).
All three APT groups above regularly procure hacking tools from known cybercriminals.
According to Kaspersky researchers, a group of hackers recently used a bug named CVE-2019-0859 developed by Volodya. CVE-2019-0859 is not the only vulnerability Volodya has ever created and sold. To find potential customers, this hacker works in tandem with APT groups as well as other little-known cybercriminals.
Currently, it is not known whether Volodya is a “lone wolf” or a group dedicated to developing, promoting, and selling security vulnerabilities. However, Volodya shouting prices to $ 200,000 for zero-day vulnerabilities shows that the black market specializing in trading vulnerabilities has never been hotter.