A threat actor infected their own machine with an information stealer, which exposed their true identity and allowed the Israeli threat intelligence company Hudson Rock to identify them. Since 2020, a threat actor going by the online alias “La_Citrix” has been active on Russian-speaking cybercrime forums, providing access to compromised businesses and info-stealer logs from active infections.
According to Hudson Rock, La_Citrix has been seen breaking into businesses and compromising Citrix, VPN, and RDP servers in order to resell unauthorised access to them. The cybersecurity company claims that the hacker was negligent enough to infect their own computer with an information stealer and then sell access to the device without being detected.