Researchers Uncover New European Malware-as-a-Service GroupCyfirma Says FusionCore Is a One-Stop Shop for Hacking Services
A crew of English-speaking European teenagers with a variety of skills and knowledge of Greek and Roman mythology are likely behind an up-and-coming cybercrime group called FusionCore.
Active since November, FusionCore is a "one-stop shop" for threats actors, offering services such as malware-as-a-subscription, hacking for hire and ransomware, says security firm Cyfirma, which uncovered the group's activities.
The group also created a separate ransomware affiliate program called AnthraXXXLocker.
FusionCore evolved into a malware-as-a-service group in the second half of 2022 after its founder, who goes by the handle "Hydra," saw an influx of demand for the info stealer malware he or she developed, Cyfirma says.
The handle comes from the Greek name for the nine-headed water serpent found in the swamps of Lerna, eventually killed by Heracles as one of his 12 tasks. Up until its unfortunate encounter with a demigod, the Lernaean Hydra survived decapitation attempts by regenerating its severed heads.
Hydra the hacker brought together other developers to create custom malware variants, while continuing to hire more members through recruitment advertisements posted in a Telegram channel. "The members of FusionCore are young (possibly in their late teens), yet ambitious malware developers who have a wide variety of skills," Cyfirma says.
The custom malware offered by the group includes Typhon Reborn - named after another mythological Greek serpentine creature - a remote access Trojan tool called ApolloRAT, an evasion tool called Cryptonic and new ransomware variant called SarinLocker.
The group also heavily relies on open-source tools such as Obfuscar and NBMiner to offer enhanced evasion and cryptocurrency mining capabilities.
Hydra in March shared a screenshot of the Typhon Reborn dashboard, "set to display Sweden time by default."