Security Experts:

Connect with us

Hi, what are you looking for?



Over 176,000 Unique Hacked Servers Sold on xDedic Marketplace

Last week, Kaspersky Lab security researchers shared research on xDedic, a shady marketplace where access to hacked servers was being sold, and revealed that it spotted over 70,000 items for sale.

Last week, Kaspersky Lab security researchers shared research on xDedic, a shady marketplace where access to hacked servers was being sold, and revealed that it spotted over 70,000 items for sale.

While that figure alone is impressive, it seems that it is only the tip of the iceberg. The real number of hacked servers that have been traded on xDedic since October 2014, when it first appeared, is around three times larger, the researchers have recently discovered.

Soon after the initial report on xDedic emerged online, the marketplace was closed. This isn’t a surprise, since many cybercriminals prefer to go into hiding as soon as their nefarious activities are made public. What’s interesting, however, is that, as soon as the marketplace went down, Kaspersky Lab received information on the servers that were traded on it.

According to a new blog post, a whopping 176,000 unique hacked servers were traded on xDedic between October 2014 and February 2016. The data set they received shows all entries until the end of the day February 29, 2016, and supposedly comes from a person who had access to detailed information on the servers traded on the marketplace.

Kaspersky Lab researchers were provided with a list of IP addresses and date information, which they managed to link to some of the servers already spotted on xDedic. After verification, they assumed that the newly provided data was real, and managed to update their previous analysis accordingly.

Following the update, the United States was the most affected country when it comes to compromised servers sold on xDedic, with 60,081 records. The United Kingdom follows with 8,817 servers, trailed by Brazil (8,770 servers), Canada (6,112), France (5,973), Spain (5,954), Australia (5,855), Russia (5,608), Italy (5,536), and Germany (4,988).

Based on the new data, the United States accounts for 34% of the hacked servers, while the UK and Brazil account for 5% each. According to Kaspersky, the new data, which places the US, UK, Canada, and Germany on top 10 most affected countries, shows a more realistic picture of all compromised servers than what their previous data revealed.

The researchers also say that the source of this data, which remains anonymous, is either someone who has been constantly monitoring the xDedic marketplace and also had access to full IP information, or someone who had advanced access to the backend. Moreover, they explain that the servers they previously saw on the marketplace were only those less desirable, which also explained their low price.

“For us it was yet another confirmation that when it comes to cybercrime, we often see just the tip of the iceberg. The reason why the xDedic marketplace looked smaller to the buyer is because the most desirable servers were often sold almost as soon as they were added to marketplace, leaving only the least interesting and unwanted servers for sale,” the researchers say.

The most expensive server on xDedic was $6,000, researchers reveal, while adding that only around 50 servers cost more than $50 and that all of them were in the United States. Apparently, a group called “Narko” had the top 10 most expensive servers on the marketplace, but the researchers couldn’t explain why their servers were more expensive than others, nor where they were located exactly.

Related: Hackers Will Break Into Email, Social Media Accounts for Just $129

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...