Cyber Mercenaries: Focus On Hackers-for-Hire

A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks first detected in 2015.

Trend Micro has published details of a new Russian-speaking cyber-mercenary group that has claimed around 3500 victims over the past six years. Human rights activists, journalists, politicians, telecommunications engineers and medical doctors are among those who have been targeted by the group.

Named “Void Balaur” after an evil creature from Eastern European folklore, the group also goes by the name “Rockethack” on underground Russian-language forums, where it has been advertising since 2018 to 100% positive reviews.

According to Trend Micro, Void Balaur focuses on compromising email and social media accounts and selling sensitive personal and financial information, including telecoms data, passenger flight records, banking data and passport details. “One of the threat actor’s primary services is hacking into the mailboxes of email providers and social media accounts.” In some cases, they can even provide complete copies of mailboxes that are stolen without any user interaction for a higher price, says the report.

Global targets cover a wide range, from Russian telecoms services to ATM vendors, financial services firms, medical insurers and even IVF clinics.

These are selected as they store lucrative personal and corporate information that can be sold at a relatively high price. The group charges over $800 for phone call records with cell tower locations, for example. “The group uses Russian underground websites to advertise their products and services, especially in forums such as Darkmoney and Probiv. Void Balaur appears to be highly respected in these underground forums, as the feedback for their services is almost unanimously positive, with their customers pointing out the threat actor’s ability to deliver the requested information on time, as well as the quality of the data being provided,” says Trend Micro.

Some of these attacks overlap with individuals targeted by the notorious Kremlin-backed Pawn Storm group, sometimes known as Fancy Bear, although it’s not thought the two groups are connected.

According to Trend Micro, phishing and malware are the group's main tools for compromising its victims. That makes multi-factor authentication (MFA), end-to-end encrypted apps, as well as robust email and corporate detection and response tools vital.

The proliferation of groups like Void Balaur is a consequence of a highly professional cyber crime economy, according to Trend Micro's threat research expert Feike Hacquebord. “Given the insatiable demand for their services and harboring of some actors by nation-states, they’re unlikely to go away anytime soon... The best form of defense is to raise industry awareness of the threat in reports like this one and encourage best practice cybersecurity to help thwart their efforts,” he said.

To protect against hacking campaigns, Trend Micro recommends using multi-factor authentication to protect email and social media accounts, with an app or physical key rather than a one-time SMS passcode, which could be exploited by attackers. It also recommends only using email services from reputable providers with high privacy standards, and encrypting as many communications as possible.

Trend Micro: Infosecurity Magazine: ZDNet: TechRadar: Oodaloop: InfoSecToday
