An Israeli threat intelligence company, Hudson Rock, has uncovered the real identity of a threat actor using the online moniker ‘La_Citrix’ after the hacker accidentally infected their own computer with an information stealer. La_Citrix had been active on Russian-speaking cybercrime forums, offering access to hacked companies and info-stealer logs.
The hacker compromised Citrix, VPN, and RDP servers to sell unauthorized access. Hudson Rock discovered employee credentials from nearly 300 organizations on the compromised computer, which helped the company establish the threat actor’s real identity and location. The evidence will be forwarded to law enforcement authorities, and the company warns that similar incidents of hackers infecting their own systems may increase as info-stealer infections grow.