KELA's Research TeamDue to its anonymity, the Darknet is flooded with threat actors working together to share information, services, and knowledge required to carry out successful cyber-attacks, particularly within the cybercrime financial ecosystem. We’ve uncovered the real identity of a threat actor dubbed SaNX – a handle that has become an infamous one among many security departments of numerous leading corporations worldwide. Here, we’ll also reveal his activities, other handles in the Darknet, and affiliations to other hacking groups.

Raveed Laeb, Product ManagerThe cybercrime financial ecosystem constantly adapts to meet innovative, emerging business needs. Buyers are interested in gaining the most data in the easiest, most frictionless way possible – and threat actors are glad to lend a helping hand: from Malware-as-a-Service, to monthly subscriptions and data breaches, new services are popping up on a daily basis. This entry focuses on one interesting trend taking hold in many communities: the direct and targeted selling of data obtained from banking Trojans and infostealers. This is carried out both directly by threat actors in cybercrime communities and throughout specialized automated markets, and emphasizes a threat against enterprises: actors monetizing corporate credentials. However, these robust and vibrant markets also provide a great theatre for intelligence collection and an opportunity for defenders to have a look directly into cybercriminals’ operations.