Discovered: Criminal hackers with hacking competitions


Share post

Sophos X-Ops uncovers hacker research competitions on criminal online forums to innovate and overcome security hurdles in a new report. These cybercriminal research competitions also award individual prizes of up to $80.000.

Sophos X-Ops describes in its new report “For the win? Offensive Research Contests on Criminal Forums” Hacker research contests conducted by cybercrime forums to drive new attack innovations. The competitions focus on new attack and evasion methods and reflect cybercrime trends such as taking down AV/EDR, cryptocurrency fraud and setting up command-and-control infrastructures.

Hacker groups compete to find new attack routes

The competitions are similar to the “call for papers” of legitimate security conferences and offer winners significant financial rewards, recognition from colleagues and potential job opportunities. The uncovered submitted posts provide cybersecurity experts with valuable insight into the modus operandi of cybercriminals and how they attempt to overcome security hurdles.

“The fact that cybercriminals host, participate in, and even sponsor these contests suggests that there is a collective goal to further develop their tactics and techniques. There is even evidence that these competitions serve as a recruiting tool for prominent cybercriminal groups,” says Christopher Budd, director of threat research at Sophos.

It used to be harmless, but today it's about big money

The fact that hacker competitions are held on criminal forums is nothing new; the practice has existed for years. What is interesting, however, is how they have evolved over time. Early promotions included quizzes, graphic design competitions and quizzes. Criminal forums now invite submissions of articles on technical topics, including source code, videos and/or screenshots. The collected works are then rated by the forum users and the winner is determined. However, the judging is not completely transparent as the forum owners and competition sponsors appear to have special voting rights.

“While our research shows an increased concentration of cybercrime on Web 3-related topics such as cryptocurrencies or NFTs, many of the winning contest submissions had broader applications. They were characterized by the fact that they could be used almost immediately and were often not particularly innovative. "This could either reveal the community's priorities, or it could be evidence that attackers want to keep their best research results to themselves in order to avoid being exposed and then use their new tactics profitably in real attacks," continued Christopher Budd .

Sophos examined two competitions in more detail

Sophos Prize money of $80.000 was available here in 2021. For several years, prominent members of the cybercrime community have sponsored these events, including All World Cards and Lockbit.

In recent competitions, Exploit has focused its bidding on cryptocurrencies, while XSS has focused on topics ranging from social manipulation and attack vectors to evasion methods and scam offers. Many of the winning entries focused on abusing legitimate tools like Cobalt Strike. A runner-up shared a tutorial on hosting initial coin offerings (ICOs) to raise funds for a new cryptocurrency and another on manipulating privileges to disable Windows Defender.

More at


About Sophos

More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.


Matching articles on the topic

Report: 40 percent more phishing worldwide

The current spam and phishing report from Kaspersky for 2023 speaks for itself: users in Germany are after ➡ Read more

BSI sets minimum standards for web browsers

The BSI has revised the minimum standard for web browsers for administration and published version 3.0. You can remember that ➡ Read more

Stealth malware targets European companies

Hackers are attacking many companies across Europe with stealth malware. ESET researchers have reported a dramatic increase in so-called AceCryptor attacks via ➡ Read more

IT security: Basis for LockBit 4.0 defused

Trend Micro, working with the UK's National Crime Agency (NCA), analyzed the unpublished version that was in development ➡ Read more

MDR and XDR via Google Workspace

Whether in a cafe, airport terminal or home office – employees work in many places. However, this development also brings challenges ➡ Read more

Test: Security software for endpoints and individual PCs

The latest test results from the AV-TEST laboratory show very good performance of 16 established protection solutions for Windows ➡ Read more

FBI: Internet Crime Report counts $12,5 billion in damage 

The FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which includes information from over 880.000 ➡ Read more

HeadCrab 2.0 discovered

The HeadCrab campaign against Redis servers, which has been active since 2021, continues to successfully infect targets with the new version. The criminals' mini-blog ➡ Read more