Cyber Mercenaries: Focus On Hackers-for-Hire

Uploaded on 2021-11-17 in TECHNOLOGY--Hackers, FREE TO VIEW

A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks first dtecetd in 2015. 

Trend Micro has published details of a new Russian-speaking cyber-mercenary group that has been guilty of around 3500 victims over the past six years and human rights activists, journalists, politicians, telecommunications engineers and medical doctors are among those who have been targeted by the group.

So-called “Void Balaur” named after an evil creature from Eastern European folklore, the group aslo goes by the name “Rockethack” on underground Russian language forums, where it has been advertising since 2018 to 100% positive reviews.

According to Trend Micro’s, Void Balaur focuses on compromising email and social media accounts and selling sensitive personal and financial information, including telecoms data, passenger flight records, banking data and passport details. “One of the threat actor’s primary services is hacking into the mailboxes of email providers and social media accounts"  In some cases, they can even provide complete copies of mailboxes that are stolen without any user interaction for a higher price, says the Report.

Global targets include a wide range, from Russian telecoms services to ATM vendors, financial services firms, medical insurers and even IVF clinics.

These are selected as they store lucrative personal and corporate information that can be sold at a relatively high price. The group charges over $800 for phone call records with cell tower locations, for example. “The group uses Russian underground websites to advertise their products and services, especially in forums such as Darkmoney and Probiv. Void Balaur apperas to be highly respected in these underground forums, as the feedback for their services is almost unanimously positive, with their customers pointing out the threat actor’s ability to deliver the requested information on time, as well as the quality of the data being provided,” say Trend Micro.

Some of these attacks overlap with individuals targeted by the notorious Kremlin-backed Pawn Storm group, sometimes known as Fancy Bear,  although it’s not thought the two groups are connected.

According to Trend Micro, phishing and malware and its main tools to compromise its victims. That makes multi-factor authentication (MFA), end-to-end encrypted apps, as well as robust email and corporate detection and response tools vital. 

The proliferation of groups like Void Balaur is a consequence of a highly professional cyber crime economy, according to Trend Micro's threat research expert Feike Hacquebord. “Given the insatiable demand for their services and harboring of some actors by nation-states, they’re unlikely to go away anytime soon... The best form of defense is to raise industry awareness of the threat in reports like this one and encourage best practice cybersecurity to help thwart their efforts.” he said.

To protect against hacking campaigns, Trend Micro recommend using multi-factor authentication to protect email and social media accounts and to use an app or physical key rather than a one-time SMS passcode, which could be exploited by attackers. They also recommend only using email services from reputable providers with high privacy standards and that encryption should be used for as many communications as possible.

Trend Micro:      Infosecurity Magazine:      ZDNet:    TechRadar:    Oodaloop:       InfoSecToday

You Might Also Read:

Ransomware: One Percent Makes A Big Impact:

 

« One Fifth Of British Adults Suffer Online Fraud
Do People Lie More Often When Using Social Media? »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

INCIBE-CERT

INCIBE-CERT

INCIBE-CERT is the reference security incident response center for citizens and private law entities in Spain

CyberVista

CyberVista

CyberVista is a cybersecurity training education and workforce development company. Our mission is to eliminate the skills gap by creating job ready professionals.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

US-Africa Cybersecurity Group (USAFCG)

US-Africa Cybersecurity Group (USAFCG)

USAFCG provides cybersecurity consulting services and delivers training programs for capacity building in Africa.

SAST

SAST

SAST provide Static Application Security Testing as a service based on SAST Tools.

Qmulos

Qmulos

Qmulos’ real-time continuous monitoring risk management suite, Q-Compliance, provides a massively flexible and scalable solution to optimizing operational security.

BigPanda

BigPanda

BigPanda is the first provider of Autonomous Operations solutions that empower IT Operations at large, complex enterprises.

Cohesity

Cohesity

Cohesity radically simplifies the way businesses back up, manage, protect, and extract value from their data—in the data center, at the edge, and in the cloud.

OSIbeyond

OSIbeyond

OSIbeyond provides comprehensive Managed IT Services to organizations in the Washington D.C., MD, and VA area including IT Help Desk Support, Cloud Solutions, Cybersecurity, and Technology Strategy.

Query.ai

Query.ai

At Query.AI, we are committed to helping companies unlock the power of their security data, so they are empowered to meet security investigation and response goals while simultaneously reducing costs.

CACI International

CACI International

CACI is at the forefront of developing and delivering technological breakthroughs that transform and optimize government operations.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

Solvere One

Solvere One

Solvere One is a managed service provider (MSP) focused on corporate consulting and partnership.

BlueCat Networks

BlueCat Networks

BlueCat is the Adaptive DNS company. Our mission is to help the world’s largest organizations thrive on network complexity, from the edge to the core.

Protecto

Protecto

Make privacy and governance effortless. Brakes allow you to drive faster. Stronger data privacy and security enable companies to unlock the full potential of the data.