Cyber Threat Actor: Spielerkid89
| Actor Type | Location | Known Incidents |
Hacker
|
—
|
0 incidents |
|---|
Profile
The threat actor using aliases austinsimon864 and Spielerkid89 has engaged in publicly reported cyber operations with distinct characteristics. As austinsimon864, the actor functioned as an initial access broker (IAB), claiming compromise of Deutsche Bank’s corporate network in November 2022. The actor advertised access to approximately 21,000 machines—primarily Windows systems protected by Symantec endpoint detection and response (EDR) tools—alongside file servers containing 16 terabytes of internal data, domain administrator (DA) privileges, and VPN/VDI credentials. This access was offered for sale at 7.5 Bitcoin (~$156,274), targeting buyers seeking financial gain through potential data theft or further network exploitation. The actor emphasized proof-of-funds verification to deter non-serious inquiries and was linked by security researchers to prior IAB activity involving Australian health insurer Medibank.
Under the alias Spielerkid89, the same individual demonstrated opportunistic intrusion capabilities against Russian government entities during March 2022. Following Russia’s invasion of Ukraine, the actor used Shodan to identify Russian IP addresses with exposed virtual network computing (VNC) ports lacking authentication controls. This led to unauthorized access to a computer within the Omsk regional Ministry of Health’s network, exposing employee names, internal IP addresses, and financial documents. The actor explicitly stated no malicious intent, did not exfiltrate data or deploy malware, and characterized the intrusion as an experiment highlighting poor cyber hygiene. Technical analysis confirmed the breach exploited misconfigured VNC access—a common initial attack vector—but resulted in no disruptive impact. While both aliases reflect intrusions into high-value targets (financial institutions and government entities), austinsimon864’s activities align with criminal monetization objectives, whereas Spielerkid89’s actions lacked overt financial or disruptive aims beyond demonstrating vulnerability exposure. No affiliations with state actors or organized groups were cited in reporting.
