Group Demstenes found to be working around the clock to exfiltrate stolen data from command and control servers. The C2 was meant to securely store the stolen data, but it contained a crucial vulnerability which allowed researchers to download the data. The server was also being used as a one-stop-shop for purchasing hacking goods. The attackers also reveal the scope of their victims, noting those who are registered with Amazon, Netflix, Apple Bank of Australia and even National Barclays. The website allows users to register an account and login to purchase the goods.”]
Source: https://securelist.com/one-stop-shop-server-steals-data-then-offers-it-for-sale/76986/