Recent Findings on BlackPOS Malware Developer
In a significant update from cybersecurity firm IntelCrawler, details have emerged about the individual behind the notorious BlackPOS malware. This malware previously played a crucial role in the data breaches that affected well-known retailers such as Target and Neiman Marcus. Reports indicate that the alleged author, who operates under the nickname “Ree,” inadvertently left his social media profile active, even after being exposed in prior investigations.
IntelCrawler’s analysis has identified Ree as a 17-year-old programmer named Sergey Taraspov, based in St. Petersburg and Nizhniy Novgorod, Russia. Although he is not directly implicated in executing the attacks, his role as a supplier of BlackPOS malware to various cybercriminal organizations highlights the multilayered nature of modern cyber threats. Notable clients reportedly include operators of underground credit card marketplaces such as “rescator” and “Track2.name.”
Research indicates that the malware specifically targets weaknesses in Point-of-Sale (POS) systems, which are essential for processing transactions in retail environments. IntelCrawler’s investigation indicates that prior to the Target breach, hackers were conducting large-scale RDP brute-forcing attacks on POS terminals across the United States, Australia, and Canada. During winter 2013, attackers exploited weak passwords on these terminals, eroding the defenses of numerous businesses.
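As an added illustration (not from IntelCrawler’s report), the following Python flags the kind of RDP password guessing the investigation describes: repeated failed RemoteInteractive logons (Windows event 4625, logon type 10) from one source within a short window, escalated when a successful logon (4624) from the same source follows. The log lines are constructed and use a simplified key=value format rather than real Windows event records; the threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines (not real logs): one source hammers several accounts
# and then gets in; another source shows two isolated failures far apart.
SAMPLE_LOG = """\
2013-11-27T02:00:01 EventID=4625 LogonType=10 TargetUser=admin SourceIP=198.51.100.7
2013-11-27T02:00:03 EventID=4625 LogonType=10 TargetUser=administrator SourceIP=198.51.100.7
2013-11-27T02:00:05 EventID=4625 LogonType=10 TargetUser=pos SourceIP=198.51.100.7
2013-11-27T02:00:06 EventID=4625 LogonType=10 TargetUser=pos1 SourceIP=198.51.100.7
2013-11-27T02:00:09 EventID=4625 LogonType=10 TargetUser=root SourceIP=198.51.100.7
2013-11-27T02:00:12 EventID=4624 LogonType=10 TargetUser=pos SourceIP=198.51.100.7
2013-11-27T02:10:00 EventID=4625 LogonType=10 TargetUser=jdoe SourceIP=203.0.113.5
2013-11-27T02:30:00 EventID=4625 LogonType=10 TargetUser=jdoe SourceIP=203.0.113.5
"""

LINE_RE = re.compile(r"^(\S+) EventID=(\d+) LogonType=(\d+) TargetUser=(\S+) SourceIP=(\S+)$")

def parse(line):
    """Return (timestamp, event_id, logon_type, user, ip) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, event_id, logon_type, user, ip = m.groups()
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), user, ip

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=5)):
    """Map source IP -> alert for sources with >= threshold failed RDP logons
    inside a sliding window; success_after marks a later successful RDP logon."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    users = defaultdict(set)      # ip -> account names tried
    alerts = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        ts, event_id, logon_type, user, ip = rec
        if logon_type != 10:      # only RemoteInteractive (RDP) logons matter here
            continue
        if event_id == 4625:
            q = recent[ip]
            q.append(ts)
            users[ip].add(user)
            while q and ts - q[0] > window:   # drop failures that fell out of the window
                q.popleft()
            if len(q) >= threshold and ip not in alerts:
                alerts[ip] = {"failures": len(q), "users": sorted(users[ip]), "success_after": False}
        elif event_id == 4624 and ip in alerts:
            alerts[ip]["success_after"] = True   # a guess likely succeeded: highest priority
    return alerts

if __name__ == "__main__":
    for ip, info in detect_rdp_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

On the constructed sample only 198.51.100.7 is flagged, with five failures across five account names followed by a success; the two failures from 203.0.113.5 are twenty minutes apart and never accumulate inside the window.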
Recent discussions among cybersecurity researchers have cast doubt on the credibility of IntelCrawler’s findings regarding Ree’s profile. In response, the IntelCrawler team has provided additional evidence linking Ree to underground forums such as “Exploit.in” where he has been observed selling the malware. Despite his technical capabilities, he appears to have neglected the risks associated with maintaining an identifiable online presence.
Interestingly, researchers discovered a profile on the Russian social network VKontakte matching this hacker’s alias, revealing interests in coding and further connecting him to the malicious activities. By using techniques such as matching the email addresses shown in account password-recovery options, IntelCrawler has corroborated many of its findings, deepening the insights into the hacker’s identity.
Following further investigations, it has come to light that the individual behind the alias “ree4”, one of BlackPOS’s core developers, may be collaborating closely with Rinat Shibaev, another known entity within the cybercrime community. Shibaev is recognized for his expertise in coding malicious software, which he has reportedly been providing to Taraspov.
As cybersecurity incidents continue to evolve, it is crucial for business owners to remain vigilant. The tactics employed by the actors behind these breaches often fall within the MITRE ATT&CK framework, including initial access through brute-force approaches, persistence via malware deployment, and potential privilege escalation to gain control over compromised systems.
With ongoing research from experts like Andrew Komarov and Dan Clements at IntelCrawler, it is essential for organizations to stay updated on developments regarding BlackPOS and other similar threats. Understanding the profiles of perpetrators can provide valuable insights into safeguarding systems against future attacks.