After ignoring hundreds of takedown requests and reports about phishing, malware, carding, and botnet campaigns that operated from its service, MskHost was taken down in the weekend by hacktivists who also stole client data and will now give it to the police. Right now, the service's website, “msk.host,” returns Error 522, which means that the servers have been taken offline by the hacktivists.
In fact, the "well-meaning" intruders hacked the entire hosting infrastructure, the user servers - and exfiltrated all data. Then, they permanently deleted everything they could access, hoping to prevent a quick return to 'business as usual' for MskHost. The hacktivists state that they've found over 100 unread emails in the “abuse” mailbox of the provider at the time of the attack, indicative of the systematic ignorance the firm opted to follow on that front.
The hackers have shared a link to their Telegram channel where they decided to post the “top” clients ranked according to the expenses they made on the platform, revealing their sometimes obviously fake usernames and their email accounts. At the top of the list, the amounts spent to run phishing campaigns are dizzying. In total, the hacktivists found and exfiltrated details about 5,000 clients.
Obviously, with the law enforcement authorities now holding these details, a wide-scope investigation can begin, and some malware distributors will hopefully find trouble. At worse, the malicious operations of the bigger players will be severely disrupted. As the hackers further detail on their Telegram posts, MskHost was making special deals with the malicious actors, offering them bulletproof servers for five times the price indicated on the site for regular clients.
As for how MskHost responded to the incident, they characterized the hack as very efficiently organized, confirming that half of all their servers were removed in mere minutes. They stated that their top-end clients had been restored by Sunday and promised that everything would return online by Monday. Also, they advised people not to click on the links posted by the hackers, which allegedly lead to client virtual machine images, as these are unsafe and created to drop viruses on the visitors’ machines, log IP addresses, etc.
Finally, MskHost stated that they do not plan to continue their operations for much longer now, thanked their supporters, and stated that if they ever return, it will be through a project on a completely different level.