Cyber Mercenaries: Focus On Hackers-for-Hire

Uploaded on 2021-11-17 in TECHNOLOGY--Hackers, FREE TO VIEW

A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks first dtecetd in 2015. 

Trend Micro has published details of a new Russian-speaking cyber-mercenary group that has been guilty of around 3500 victims over the past six years and human rights activists, journalists, politicians, telecommunications engineers and medical doctors are among those who have been targeted by the group.

So-called “Void Balaur” named after an evil creature from Eastern European folklore, the group aslo goes by the name “Rockethack” on underground Russian language forums, where it has been advertising since 2018 to 100% positive reviews.

According to Trend Micro’s, Void Balaur focuses on compromising email and social media accounts and selling sensitive personal and financial information, including telecoms data, passenger flight records, banking data and passport details. “One of the threat actor’s primary services is hacking into the mailboxes of email providers and social media accounts"  In some cases, they can even provide complete copies of mailboxes that are stolen without any user interaction for a higher price, says the Report.

Global targets include a wide range, from Russian telecoms services to ATM vendors, financial services firms, medical insurers and even IVF clinics.

These are selected as they store lucrative personal and corporate information that can be sold at a relatively high price. The group charges over $800 for phone call records with cell tower locations, for example. “The group uses Russian underground websites to advertise their products and services, especially in forums such as Darkmoney and Probiv. Void Balaur apperas to be highly respected in these underground forums, as the feedback for their services is almost unanimously positive, with their customers pointing out the threat actor’s ability to deliver the requested information on time, as well as the quality of the data being provided,” say Trend Micro.

Some of these attacks overlap with individuals targeted by the notorious Kremlin-backed Pawn Storm group, sometimes known as Fancy Bear,  although it’s not thought the two groups are connected.

According to Trend Micro, phishing and malware and its main tools to compromise its victims. That makes multi-factor authentication (MFA), end-to-end encrypted apps, as well as robust email and corporate detection and response tools vital. 

The proliferation of groups like Void Balaur is a consequence of a highly professional cyber crime economy, according to Trend Micro's threat research expert Feike Hacquebord. “Given the insatiable demand for their services and harboring of some actors by nation-states, they’re unlikely to go away anytime soon... The best form of defense is to raise industry awareness of the threat in reports like this one and encourage best practice cybersecurity to help thwart their efforts.” he said.

To protect against hacking campaigns, Trend Micro recommend using multi-factor authentication to protect email and social media accounts and to use an app or physical key rather than a one-time SMS passcode, which could be exploited by attackers. They also recommend only using email services from reputable providers with high privacy standards and that encryption should be used for as many communications as possible.

Trend Micro:      Infosecurity Magazine:      ZDNet:    TechRadar:    Oodaloop:       InfoSecToday

You Might Also Read:

Ransomware: One Percent Makes A Big Impact:

 

« One Fifth Of British Adults Suffer Online Fraud
Do People Lie More Often When Using Social Media? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Absolute Software

Absolute Software

Absolute provides persistent endpoint security and data risk management solutions for mobile devices - computers, tablets, and smartphones.

Ridgeback Network Defense

Ridgeback Network Defense

Ridgeback is an enterprise security software platform that defeats malicious network invasion in real time. Ridgeback champions the idea that to defeat an enemy you must engage them.

Hexatrust

Hexatrust

The HEXATRUST club was founded by a group of French SMEs that are complementary players with expertise in information security systems, cybersecurity, cloud confidence and digital trust.

Immersive Labs

Immersive Labs

Immersive Labs have created a kinesthetic learning platform which identifies gaps in your teams cyber skills.

VS Security Products

VS Security Products

VS Security Products design, manufacture and sell the most extensive range of degaussers and data destroyers on the market, suitable for all types of magnetic media.

Echosec Systems

Echosec Systems

Echosec Systems is a data discovery company delivering social media and dark web threat intelligence. Our web based security software delivers critical information for situational awareness.

Iterasec

Iterasec

Iterasec provides a full range of security services to hacker-proof your products and make software engineering process secure by design.

Anterix

Anterix

Anterix is focused on empowering the modernization of critical infrastructure and enterprise businesses by enabling private broadband connectivity.

AI Spera

AI Spera

AI-Driven Cyber Threat Intelligence Security. AI Spera provides real-time intelligence to empower your security competences in all aspects of the business.

SE Ventures

SE Ventures

SE Ventures provides capital to big ideas and bold entrepreneurs who can benefit from Schneider Electric's deep domain expertise, R&D assets, and global customer base.

Schillings

Schillings

Shillings defends your rights to privacy, reuptation and security. We fight passionately against breaches of your privacy, attacks on your reputation and threats to your security.

Cybastion

Cybastion

Cybastion develops robust world-class cybersecurity solutions tailored to suit the needs of different businesses, governments and public sector entities.

Cool Waters Cyber

Cool Waters Cyber

Cool Waters Cyber manage cyber security governance, risk and compliance.

Amplifier Security

Amplifier Security

Amplifier Security are on a mission to empower security teams to modernize their practice by connecting the dots between their security stack and their people.

SFY Information Technology

SFY Information Technology

SFY helps companies with Cyber Security and Managed IT, allowing them to focus on what really matters to them.

Blue Mantis

Blue Mantis

Blue Mantis is a security-first, IT solutions and services provider with a 30+ year history of successfully helping clients achieve business modernization.