{"id":3033,"date":"2021-08-06T09:58:06","date_gmt":"2021-08-06T09:58:06","guid":{"rendered":"https:\/\/fortgale.com\/news\/?p=3033"},"modified":"2026-06-08T23:00:56","modified_gmt":"2026-06-08T23:00:56","slug":"black-markets-organisation-data","status":"publish","type":"post","link":"https:\/\/fortgale.com\/blog\/emerging-threats\/black-markets-organisation-data\/","title":{"rendered":"Black Markets: how they are organised and what data they hold"},"content":{"rendered":"\n<div class=\"wp-block-media-text alignwide\" style=\"grid-template-columns:28% auto\"><figure class=\"wp-block-media-text__media\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/08\/Immagine1.png\" alt=\"\" class=\"wp-image-3036\" loading=\"lazy\" \/><\/figure><div class=\"wp-block-media-text__content\">\n<p style=\"text-align: justify\">Cybercriminal activity is frequently discussed in terms of malware, ransomware, and extortion schemes, yet one aspect of particular analytical interest concerns the infrastructure sustaining the entire criminal enterprise: black markets and underground forums.<\/p>\n\n\n\n<p style=\"text-align: justify\">This article presents operational details observed on a known black market apparently associated with threat actors from Eastern Europe and Russia. Attribution to these regions, however, should not be considered definitively reliable.<\/p>\n\n\n\n<p style=\"text-align: justify\">The image on the left displays the market menu subdivided into the following sections:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong>CVV \/ DUMPS<\/strong><ul><li>payment card data and related information;<\/li><\/ul><\/li><li><strong>RDP<\/strong><ul><li>remote access via RDP protocol to compromised servers;<\/li><\/ul><\/li><li><strong>Stealer Logs<\/strong><ul><li>access to compromised workstations and all contained data (passwords, cookies, files);<\/li><\/ul><\/li><li><strong>PayPal<\/strong><ul><li>user\/password credentials for PayPal accounts;<\/li><\/ul><\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li>Various tools.<\/li><\/ul>\n<\/div><\/div>\n\n\n\n<p class=\"wp-block-paragraph\"><br>The login interface:<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/08\/image-8-1024x713.png\" alt=\"\" class=\"wp-image-3061\" loading=\"lazy\" \/><\/figure>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\">Stealer Logs<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large is-style-zoooom\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/08\/image-5-1024x485.png\" alt=\"\" class=\"wp-image-3052\" loading=\"lazy\" \/><\/figure>\n\n\n\n<p style=\"text-align: justify\">One of the most operationally significant sections concerns the trading area for compromised systems. The listing represents systems\u2014typically workstations\u2014infected with malware. Prospective buyers gain access to exfiltrated data from individual machines, user-stored credentials, and session cookies. The dropdown menu displays malware variants used for compromise. System listings are organized by country and associated with metadata including registered website credentials (session cookies and passwords) and pricing.<\/p>\n<p>Average pricing approximates USD 10 per workstation. Purchase grants not only access to previously exfiltrated data but also remote system access enabling targeted attack execution.<\/p>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\">RDP<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large is-style-zoooom\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/08\/image-6-1024x504.png\" alt=\"\" class=\"wp-image-3053\" loading=\"lazy\" \/><\/figure>\n\n\n\n<p style=\"text-align: justify\">Within the unauthorized access segment, the RDP section contains listings of compromised perimeter systems for which threat actors resell access credentials (username and password pairs for RDP protocol).<\/p>\n<p style=\"text-align: justify\">Pricing varies according to system classification and hardware specifications of the target machine.<\/p>\n\n\n\n<h2 class=\"has-text-align-center wp-block-heading\">DUMPS and CVV<\/h2>\n\n\n\n<figure class=\"wp-block-image size-large is-style-zoooom\"><img decoding=\"async\" src=\"https:\/\/fortgale.com\/news\/wp-content\/uploads\/sites\/2\/2021\/08\/image-7-1024x443.png\" alt=\"\" class=\"wp-image-3055\" loading=\"lazy\" \/><\/figure>\n\n\n\n<p style=\"text-align: justify\">Within these black market sections, payment card information and CVV codes are available for purchase. Threat actors obtain this data through <a href=\"https:\/\/fortgale.com\/en\/cyber-threat-intelligence\/\">Cyber Threat Intelligence<\/a> collection via:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>workstation compromise (yielding stealer logs);<\/li><li>web application and e-commerce platform compromise.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Underground marketplaces structure: vendor reputation, escrow models, product taxonomy (credentials, accesses, malware kits, leaked data) and policing dynamics.<\/p>\n","protected":false},"author":1,"featured_media":2615,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[3258,1737,1739,1741,3261,3260,1651,1565,3195,1743,1745,3259],"class_list":["post-3033","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-emerging-threats","tag-black-markets","tag-blackmarket-it","tag-coockie-it","tag-cvv-it","tag-dark-web","tag-data-trade","tag-dump-it","tag-ecommerce-it","tag-initial-access-brokers","tag-paypal-it","tag-rdp-it","tag-underground-economy"],"_links":{"self":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3033","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/comments?post=3033"}],"version-history":[{"count":2,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3033\/revisions"}],"predecessor-version":[{"id":9893,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/posts\/3033\/revisions\/9893"}],"wp:attachment":[{"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/media?parent=3033"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/categories?post=3033"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/fortgale.com\/blog\/wp-json\/wp\/v2\/tags?post=3033"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}