Mapping “Fly”, a threat actor with links to Russian Market’s infrastructure
Key findings
- “FLY”, a threat actor with links to Russian Market, is present on various channels, including cybercrime forums and Telegram. Contrary to claims made on the Russian Market website, we found evidence that a threat actor linked to the marketplace has an online presence on Telegram and other channels. We cannot determine with certainty that “FLY” is a Russian Market administrator, but we can confirm that he has links to the platform and was the first user to promote the marketplace publicly, via the username “FLYDED”, which was also the previous name of Russian Market.
- Querying Whois records of older domains related to Russian Market’s infrastructure revealed e-mail addresses potentially belonging to its owner. A malicious file from 2018 that behaves like a stealer was associated with these e-mail addresses and a user named “AlexAske”.
- Examining the bitcoin infrastructure used by Russian Market uncovered links to non-KYC exchanges, illegal mixing services, and a wallet directly associated with the threat actor “FLY”, reinforcing the links between this online profile and the Russian Market platform.
Intrinsec’s CTI services
Organisations are facing a rise in the sophistication of threat actors and intrusion sets. To address these evolving threats, it is now necessary to take a proactive approach in the detection and analysis of any element deemed malicious. Such a hands-on approach allows companies to anticipate, or at least react as quickly as possible to the compromises they face.
For this report, shared with our clients in January 2025, Intrinsec relied on its Cyber Threat Intelligence service, which provides its customers with high value-added, contextualized and actionable intelligence to understand and contain cyber threats. Our CTI team consolidates data & information gathered from our security monitoring services (SOC, MDR …), our incident response team (CERT-Intrinsec) and custom cyber intelligence generated by our analysts using custom heuristics, honeypots, hunting, reverse-engineering & pivots.
Intrinsec also offers various services around Cyber Threat Intelligence:
- Risk anticipation, which can be leveraged to continuously adapt the detection & response capabilities of our clients’ existing tools (EDR, XDR, SIEM, …) through:
  - an operational feed of IOCs based on our exclusive activities.
  - threat intel notes & reports, TIP-compliant.
- Digital risk monitoring:
  - data leak detection & remediation
  - external asset security monitoring (EASM)
  - brand protection
For more information, go to intrinsec.com/en/cyber-threat-intelligence/.
