Kaspersky research has shown that hackers are now being recruited with dark web job ads offering huge salaries and benefits!  


According to Kaspersky’s analysis of more than 200,000 employment ads posted on the dark web between January 2020 and June 2022, ‘employers’ have been seeking applications from the best hackers by offering favourable terms of employment including remote work (obviously), full-time employment, flexitime, paid time off, paid sick leave, and even the promise of working with ‘a friendly team’ ! 

Massive Salaries 

If the research by Kaspersky’s Digital Footprint Intelligence team is accurate, it seems that online crime does pay. For example, the median levels of pay offered to IT professionals in the ads varied between $1,300 and $4,000 per month.  

Other ways that Kaspersky’s team observed ‘employers’ seeking to tempt applications from hackers in dark web job ads included offering: 

  • Prospects of promotion and incentive plans/bonuses (or fines, depending). 
  • Levels of compensation (paid in cryptocurrency for privacy) depending on how much effort hackers invest, their contribution, and how successful the ‘business’ is on the whole. 

Reverse Engineering 

The highest median salary of $4,000 could be found in ads for reverse engineers. Although not all reverse engineers are hackers, reverse engineering refers to taking apart a software or hardware system and analysing its components to understand how it works. In some cases, reverse engineering can be used for malicious purposes, such as hacking into a system or creating malware. In these situations, the reverse engineer uses the information gained from the reverse engineering process to exploit vulnerabilities or gain unauthorised access to a system. 

Other Suspect Job Ads – ‘Developers’ and Malware Coders 

Kaspersky’s research noted that although the innocent-sounding “Developers” (accounting for 61 per cent of the job ads) were the most in-demand specialists on the dark web, within this speciality, 60 per cent of the developer ads sought people who create internet products like phishing pages. Another popular skill sought in the ads was malware coding where job descriptions were found to include the development of Trojans, ransomware, stealers, backdoors, botnets, and other malware types, along with the creation and modification of attack tools. Other specialists sought included: 

  • Attackers. These conduct attacks on networks, web applications and mobile devices, and accounted for 16 per cent of the total ads, making them the second most popular jobs among cybercriminal employers. Kaspersky noted that: “Most of the attackers’ jobs on the dark web were associated with actions that would compromise corporate infrastructure. The goals of these actions are ransomware infection, data theft, or stealing cash directly from accounts.” Groups hiring attackers focused on selling access to compromised systems to other cybercriminals or hacking web and mobile applications. 
  • Designers who can create a phishing page or letter that would be hard to distinguish from a real one. These were found to be the third most in-demand professionals with 10 per cent of the observed ads.  

Boost In Demand Following The Pandemic 

The Kaspersky research also noted that the fact that the greatest number of ads were posted in March 2020, was most likely related to the outbreak of the COVID-19 pandemic and the ensuing changes in the structure of the job market. 

What Is The Dark Web Job Market Like? 

The dark web job market is characterised by a mix of both legal and illegal job offers. Some employers offer semi-legal or potentially legal jobs, such as creating IT learning courses, while others offer more dubious or illegal employment arrangements. These may include selling illegal drugs, engaging in fraudulent schemes, or hacking activities, or working with hacker groups. 

Some people are attracted to dark web jobs because of the potential for easy money and high financial gain. However, not all salaries offered on the dark web are significantly higher than those earned legally and depend on experience, talent, and effort. Other individuals may turn to the dark web job market due to dissatisfaction with their current employment, changes in the job market, or a lack of certain candidate requirements. 

Dark web jobs may also appeal to freelancers and remote workers because of the flexibility and freedom they offer, such as the ability to take time off and choose a schedule. Unlike the legitimate job market, however, getting dubious jobs on the dark web comes with the real risk of being arrested and prosecuted, and there is no guarantee of being paid. 

How Are Criminals Able To Simply Advertise For Hackers Online Like This? 

Criminals are confident enough to post job ads on the dark web because it has a level of security and privacy through its use of encryption and anonymising technologies. The most popular tool for accessing the dark web is the Tor (The Onion Router) network, which routes internet traffic through a series of servers around the world, making it difficult to trace the origin of the traffic. This makes it more difficult for policeand even for hackers and other malicious actors themselves, to monitor or interfere with the traffic on the dark web. 

However, the dark web is not completely secure and anonymous. While the technology provides a degree of privacy and security, law enforcement agencies have the resources and expertise to penetrate and monitor dark web activity. For example, they have been able to dismantle some dark web marketplaces and arrest individuals who were found to have been engaging in illegal activities on the dark web. 

Also, the dark web has its own set of security risks, such as the possibility of being scammed or hacked, or being infected with malware. It’s also important to remember that many illegal activities, such as buying or selling illegal drugs or stolen goods, or posting job ads for illegal purposes, are still against the law on the dark web and can result in severe legal consequences if caught.  

Do People Actually Post Their CV On The Dark Web? 

Yes. According to Kaspersky, the research analysed 867 ads that contained specified keywords, 638 of the ads were vacancy postings and 229 were CVs. The statistics suggest, therefore, that jobseekers respond to ads by prospective employers more frequently than they post CVs but, nonetheless, some post CVs on dark web forums that target diverse areas of expertise and job descriptions, such as moderating Telegram channels to compromising corporate infrastructure. 

Monitoring The Dark Web Is A Form Of Defence 

Following the shocking research results, as noted by Polina Bochkareva, Security Services Analyst at Kaspersky: “IT headhunting is one of the numerous topics which is constantly discussed on the Darknet. Nowadays, tracking cybercriminal’s interest and continuous analysis of their activities is vital for companies that want to proactively respond to cyberattacks and keep their information security at the highest level. The more you know about your adversary – the better you are prepared”. 


Some ways that businesses can protect themselves from common cyber-attacks include: 

  • To protect against phishing attacks, businesses can implement anti-phishing software, provide regular security awareness training to employees, and encourage them to be cautious when receiving emails from unknown sources. 
  • Businesses should regularly backup their data, keep their software and operating systems up to date, and train employees to identify suspicious emails and attachments to avoid falling victim to ransomware and other types of malware. 
  • To protect against Distributed Denial of Service (DDoS) attacks, businesses can implement DDoS protection services, monitor network activity for signs of an attack, and have a plan in place for responding to a DDoS attack. 
  • SQL injection attacks involve injecting malicious code into a website’s database in order to steal data or compromise the website. To protect against these attacks, businesses can use parameterised queries to protect against SQL injection, keep their database software up to date, and regularly monitor their websites for signs of an attack. 
  • Seeking the help of their IT Support Company or other security professionals. 
  • Using the multiple sources of Threat Intelligence information to stay aware of actual TTPs used by threat actors. 

What Does This Mean For Your Business? 

The Kaspersky research highlights how the dark web has long been a haven for cyber criminals and that there appears to be a flourishing job market there where ‘employers’ now blatantly use the same enticements that are used in legitimate jobs to attract the most specialised criminals. It looks unlikely that law enforcement or regulation will be able to make much of an impact in shutting down the worst aspects of the dark web in the near future, and even if they do, criminals are likely to move to other secure platforms and channels. It seems, therefore, that the best thing businesses can do is to take the measures mentioned above and remain focused on making their own cyber security as robust as possible and to keep on top of new security measures they need to take going forward.

If you would like to discuss your technology requirements, please:

Back to Tech News