An online market that offered cheap hacked servers returns

The market, called xDedic, went down last month on June 15 right after security firm Kaspersky Lab publicly exposed it. Access to more than 70,000 compromised servers from governments, businesses and universities had been sold through the site, in the two years it was in operation.

Kaspersky Lab, however, reported its finding to law enforcement agencies and said that “several major” internet service providers helped shut the site down.  

But after a brief hiatus, the makers of xDedic have been quick to revive the marketplace, security firm Digital Shadows said on Tuesday.

On June 24, an anonymous user named xDedic was spotted sharing the site’s new address on a Russian hacking forum, according to Digital Shadows.

The new xDedic site was found to be identical to the original one, although none of the previous user accounts were carried over. The domain was also shared on a French language criminal website located on the dark web.

It’s still unknown how many users the revived xDedic site currently has, but the previous site attracted 30,000 users a month, Digital Shadows said.

Once more hackers become aware of the site, it may only be a matter of time before it becomes popular again, the security firm added. The new xDedic site has opened user registration to all, but at the cost of paying $50.

On Tuesday, Kaspersky Lab said it’s also become aware of xDedic’s return and is monitoring the situation. The company is sharing all its findings with the relevant law enforcement agencies.

Kaspersky Lab has called the site a “hacker’s dream.” With cheap access to so many compromised servers, a buyer could use them to send out spam, steal data, or launch other cyber attacks.

Some evidence suggests that the xDedic site had actually sold access to as many as 170,000 servers, with the bulk of them located in the U.S. Kaspersky Lab has been alerting victims who were found to be affected.