"Hacker Infected & Foiled by Own Infostealer"
The reputation of the malicious actor "La_Citrix" was based on gaining access to Citrix Remote Desktop Protocol (RDP) Virtual Private Network (VPN) servers and selling that access to the highest bidder on Russian-language dark web forums. The threat actor had been using an infostealer to collect credentials in malicious campaigns dating back to 2020, until La_Citrix accidentally infected his own computer with the malware and sold its contents, along with a cache of other stolen data, to threat researchers from Hudson Rock who were gathering threat intelligence on the dark web. According to a report, the first indication of something unusual was when Hudson Rock's Application Programming Interface (API) detected a single user in the stolen data who appeared to be an employee at almost 300 different companies. This article continues to discuss the prolific threat actor accidentally infecting his own computer and selling off its contents to threat researchers.
Dark Reading reports "Hacker Infected & Foiled by Own Infostealer"