Mysterious hackers offer Windows zero-day vulnerabilities to the world's most dangerous cyber criminals

A mysterious hacker using the alias Volodya or BuggiCorp is trying to sell Windows zero-day vulnerabilities to the world's most dangerous hacker groups.

Since 2016, this hacker has been known to sell zero-day vulnerabilities through an ad on a public online forum; the highest price ever offered is $95,000. Since then, Volodya has been known as a seller of hacking tools and zero-day vulnerabilities.

As the hacker became better known, the prices also rose, up to $200,000.

The team of Costin Raiu, Director of the Global Research and Analysis Group (GReAT), which specializes in hunting APTs (Advanced Persistent Threats) at Kaspersky, has followed Volodya since 2015. Raiu said GReAT's documents show that Volodya may be originally from Ukraine, speaks Russian fluently, and that the name is short for Volodimir, a nickname that appears in some of his "works".

This hacker's customers are Russian and Middle Eastern hacker groups, including notorious groups suspected of being government-sponsored, such as SandCat, FruityArmor (a group that has targeted the Middle East and Asia) and Fancy Bear (a group said to have participated in many attacks on the US during the 2016 election).

All three APT groups regularly purchase hacking tools from reputable cyber criminals.

According to Kaspersky researchers, a group of hackers recently used an exploit developed by Volodya for the bug tracked as CVE-2019-0859. CVE-2019-0859 is not the only flaw Volodya has developed an exploit for and sold. To find potential customers, the hacker works alongside APT groups as well as other lesser-known cyber criminals.

Currently, it is still impossible to determine whether Volodya is a "lone wolf" or a group specializing in developing, promoting, and selling exploits for security holes. However, Volodya's asking price of $200,000 for zero-day vulnerabilities suggests that the black market dealing in security holes has never cooled off.

Update 24 May 2019