A criminal marketplace on the darknet is used by hackers to sell access to power plants, hospitals, banks, police databases, and airlines.
Cyber mercenaries are breaching the systems of governments, financial institutions, critical infrastructure, and businesses, then selling access to them on a marketplace on the darknet, a hidden internet accessible only via specialized software.
All of this is happening on a darknet black marketplace known as the CMarket or “Criminal Market,” formerly known as “Babylon APT.” The marketplace contains a public market, invite-only submarkets, and hacker-for-hire services ready to breach any network in any country.
The Epoch Times was provided with analysis, screenshots, and chat logs from the marketplace by darknet intelligence company BlackOps Cyber. An undercover operative for the company gained access to the marketplace’s invite-only sections and grew close to several of its top members.
According to BlackOps, the site is run by hackers from several countries, who claim to be Latin. However, the main operative, according to the researchers, appears to be a state hacker working for the Chinese Communist Party. The individual runs his operations for the Chinese regime in his day job, and then when operations are finished, he sells the data on companies, governments, and other targets on the black market.
“He doesn’t mind doing that crossover and back and forth from the underworld to his workplace,” BlackOps said. “He’ll also recruit in the underground for his side business.”
The CMarket group brought together several international cybercrime syndicates, says BlackOps. The researchers noted that when the CMarket criminals are overworked, they contract out jobs to a team of hackers in Brazil. Some members of the group also appear to be Philippine nationals.
A CMarket seller stated in one of the chat logs that the group established its own market because sellers on other darknet black markets deemed its offerings too likely to gain attention from law enforcement. He wrote, “They’re afraid of our products.”
When cybersecurity experts try to trace the origins of a cyberattack, the typical methods are to look at the tools used, to analyze which type of group would be interested in the target, and to look at other cyberattacks that used similar tools or had similar criminal interests.
The findings on the CMarket throw this system of attribution out the window, as they show significant overlap between governments, cybercrime syndicates, and global cartels and organized crime networks.