Monday, February 10, 2025
HomeCyber Security NewsxDedic Marketplace Admin and Operators Arrested

xDedic Marketplace Admin and Operators Arrested

Published on

SIEM as a Service

Follow Us on Google News

In a landmark victory for cybersecurity, the xDedic Marketplace, a notorious haven for cybercrime, has been shut down. 

This international operation, spearheaded by the U.S. Attorney’s Office, FBI, IRS-CI, and a consortium of law enforcement agencies from Belgium, Ukraine, and Germany, marks a significant blow to the underground economy of compromised data and access.

For years, xDedic operated in the shadows of the internet, serving as a clandestine marketplace for hackers and cybercriminals to peddle their wares. 

Stolen credentials, personal information, and access to compromised systems across the globe were all available for purchase, with buyers able to filter their search by price, location, and operating system. 

This vast repository of ill-gotten gains fueled various criminal activities, from financial fraud and identity theft to corporate espionage and infrastructure disruption.

Unveiling the Shadowy Network:

The takedown of xDedic culminated in a meticulous investigation spanning multiple countries. 

Law enforcement agencies meticulously tracked the website’s operations, unraveling its intricate web of servers strategically dispersed across the globe. 

Bitcoin, the cryptocurrency employed by xDedic, was meticulously traced, providing crucial insights into the marketplace’s financial transactions and user base.

A Multi-pronged Attack:

On January 24, 2019, the hammer of justice fell. Seizure orders were executed against xDedic’s domain names, plunging the marketplace into darkness. 

This decisive action resulted from close collaboration between the U.S. Attorney’s Office, FBI, IRS-CI, and their European counterparts. 

The Belgian Federal Prosecutor’s Office, the Ukrainian National Police, and Europol all played crucial roles in dismantling the website’s infrastructure.

Based on evidence gathered during the investigation, authorities estimate that the website facilitated over $68 million in fraud. 

The victims span the gamut of industries, including government agencies, hospitals, financial institutions, and educational institutions, underscoring the far-reaching impact of xDedic’s illicit operations.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

NetSupport RAT Grant Attackers Full Access to Victims Systems

The eSentire Threat Response Unit (TRU) has reported a significant rise in incidents involving...

Quishing via QR Codes Emerging as a Top Attack Vector Used by Hackers

QR codes, once a symbol of convenience and security in digital interactions, have become...

New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique...

SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

A severe security vulnerability, tracked as CVE-2025-23369, has been identified in GitHub Enterprise Server...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

NetSupport RAT Grant Attackers Full Access to Victims Systems

The eSentire Threat Response Unit (TRU) has reported a significant rise in incidents involving...

Quishing via QR Codes Emerging as a Top Attack Vector Used by Hackers

QR codes, once a symbol of convenience and security in digital interactions, have become...

New ‘BYOTB’ Attack Exploits Trusted Binaries to Evade Detection, Researchers Reveal

A recent cybersecurity presentation at BSides London 2024 has unveiled a sophisticated attack technique...