w0rm hacking crew

w0rm hacking crew is a cybercriminal group that carries out illicit intrusions and subsequently offers the stolen information for sale on its own underground forum. The crew has been linked to several high‑profile attacks against media organizations, demonstrating a capability to breach well‑known targets. Its primary activity involves exfiltrating data from compromised systems and listing that data for purchase, often pricing it in multiple currencies such as US dollars, euros, and Bitcoin. The group operates covertly, using the forum as a marketplace for its own exploits and for data obtained from other threat actors. These activities place w0rm within the broader ecosystem of cybercriminal service providers that monetize unauthorized access.

On September 19, 2015, w0rm hacking crew breached the rival hacking group Monopoly, which specialized in selling fraud‑related user data, and exfiltrated its database. The stolen data was then advertised for sale on w0rm’s forum at prices of $500, €450, or 2.15 Bitcoin, although the exact contents of the database were not disclosed and could have included credentials, exploit kits, or botnet tools. Notably, there was no documented prior conflict or rivalry between w0rm and Monopoly before this incident, indicating the attack was motivated by business opportunity rather than personal grudge. This event exemplifies w0rm’s tendency to treat other criminal groups as targets for data acquisition and resale, reinforcing its role as an aggressive actor in the underground market. No further details about the crew’s size, organizational structure, or ownership are publicly available.