Unearthing a new assembly of Russian hackers with an element of theatrical flair, a polished user-interface, and a meticulous business model isn’t a common occurrence. Yet, this is exactly what occurred when our security research team stumbled upon “AlphaLock,” an organization touted as a “pentesting training organization,” which essentially tutors aspiring hackers and capitalizes on the results via a dedicated affiliate program.
“Let’s Hang Out on Telegram. No Law Enforcement Will Suspect That.” Idiots.
This odd, audacious, and well-advertised cybercrime gang was uncovered through a public Telegram channel, which has since become private. The team’s emergence and notoriety in 2023 reflect a significant cybercrime trend for the year: a diverse and specialized criminal cadre with intricate supply chains that enable economies of scale.
In this wave, AlphaLock notably emerged as one of the initial instances of a threat group ambitiously trying to construct, from start to finish, its own revenue-generating pipeline. Their business model splits into two main divisions: Bazooka Code Pentest Training and the ALPentest Hacking Marketplace.
AlphaLock veils its operations behind the proclaimed ‘noble cause’ of tutoring “pentesters,” a narrative that many security researchers will recognize from similar claims made by ransomware groups. However, their intentions are laid bare as the group endeavors to train an army of hackers through dedicated online courses. They have detailed their activities in a Telegram channel.
The Russian Education System Must Be Pretty Awful if You Can Beat it with $185
They argue that their education system for hackers, which costs $185 and lasts two months, outweighs traditional education in Russia (this is because they’re Russian hackers, and it’s self-serving). They’ve broken down the estimated expenses, justifying their course as a more efficient and rewarding avenue for aspiring threat actors.
But AlphaLock’s operation isn’t confined to training hackers. They’ve also ventured into the darker underbelly of the internet, the XSS dark web forum, where they appear to have plans for an affiliate program, potentially amassing a significant portion of their profits.
They’re aiming to use their newly trained hackers to foster a marketplace where other threat actors can acquire “pentesting services” geared towards designated organizations. Their affiliate program was announced through a dance video, showcasing their ostentatious marketing flair.
Moving Hosts – Guess What Fellas – It’s Over. Nobody likes Russian Hackers.
However, their audacity has invited unwanted attention. A few days ago, they posted a lengthy statement revealing their plans to move their operations to Matrix, a lesser-known, decentralized chat application, due to an influx of ‘negative attention.’ In this new space, they’ve unveiled plans to focus on premium content, including launching a YouTube channel.
Despite the seemingly unwelcome attention, AlphaLock seems to be thriving, demonstrating the clear, present, and ever-evolving threat cybercrime presents in our increasingly interconnected digital world.