Cyber Threat Actor: 1x0123
| Actor Type | Location | Known Incidents |
Criminal
|
—
|
0 incidents |
|---|
Profile
The threat actor using the primary alias 1x0123—also identified as Revolver—operates as an opportunistic hacker targeting web-facing infrastructure across multiple sectors. Publicly reported activities demonstrate a focus on financial gain through the exploitation of vulnerabilities in web applications and authentication systems, often followed by extortion attempts or sales of access to compromised systems. This actor has explicitly targeted adult entertainment platforms (Pornhub, Adult FriendFinder), financial services (FIS Global), media (LA Times), and legal services (Mossack Fonseca), with incidents occurring between 2016 and 2017. Operations frequently involve public claims of access via social media, accompanied by screenshots as proof, though some assertions—such as the Pornhub breach—were contested by affected organizations.
1x0123’s tactics center on identifying and weaponizing vulnerabilities in web portals, particularly those enabling unauthorized password resets or arbitrary code execution. In the FIS Global incident, the actor exploited a client portal vulnerability to reset bank employee passwords and access billing records. During the Pornhub campaign, 1x0123 claimed to leverage a flaw in user profile image-handling scripts to upload web shells, later offering command injection access for $1,000. This actor avoids formal bug bounty programs, instead monetizing access through private sales or extortion, as evidenced by demands for payment in exchange for vulnerability details. While no specific malware families are attributed to 1x0123, the actor has demonstrated capability in deploying web shells and manipulating authentication mechanisms. Notable operations include the exfiltration of Guaranty Bank and Trust Company invoices via FIS Global’s systems, attempts to sell access to Pornhub’s infrastructure, and participation in the 2016 Adult FriendFinder breach alongside other hackers. The actor’s public interactions reveal a pattern of taunting victims on social media and retaliating with data leaks when ignored, as seen in the FIS Global case.
