Cyber Mercenaries: Focus On Hackers-for-Hire

A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks first detected in 2015.

Trend Micro has published details of a new Russian-speaking cyber-mercenary group that has claimed around 3500 victims over the past six years. Human rights activists, journalists, politicians, telecommunications engineers and medical doctors are among those who have been targeted by the group.

Named “Void Balaur” after an evil creature from Eastern European folklore, the group also goes by the name “Rockethack” on underground Russian-language forums, where it has been advertising since 2018 to 100% positive reviews.

According to Trend Micro, Void Balaur focuses on compromising email and social media accounts and selling sensitive personal and financial information, including telecoms data, passenger flight records, banking data and passport details. “One of the threat actor’s primary services is hacking into the mailboxes of email providers and social media accounts.” In some cases, they can even provide complete copies of mailboxes that are stolen without any user interaction for a higher price, says the report.

The group's global targets span a wide range, from Russian telecoms services to ATM vendors, financial services firms, medical insurers and even IVF clinics.

These are selected because they store lucrative personal and corporate information that can be sold at a relatively high price. The group charges over $800 for phone call records with cell tower locations, for example. “The group uses Russian underground websites to advertise their products and services, especially in forums such as Darkmoney and Probiv. Void Balaur appears to be highly respected in these underground forums, as the feedback for their services is almost unanimously positive, with their customers pointing out the threat actor’s ability to deliver the requested information on time, as well as the quality of the data being provided,” says Trend Micro.

Some of these attacks overlap with individuals targeted by the notorious Kremlin-backed Pawn Storm group, sometimes known as Fancy Bear, although it’s not thought the two groups are connected.

According to Trend Micro, phishing and malware are the group's main tools to compromise its victims. That makes multi-factor authentication (MFA), end-to-end encrypted apps, as well as robust email and corporate detection and response tools vital.

The proliferation of groups like Void Balaur is a consequence of a highly professional cyber crime economy, according to Trend Micro's threat research expert Feike Hacquebord. “Given the insatiable demand for their services and harboring of some actors by nation-states, they’re unlikely to go away anytime soon... The best form of defense is to raise industry awareness of the threat in reports like this one and encourage best practice cybersecurity to help thwart their efforts,” he said.

To protect against hacking campaigns, Trend Micro recommends using multi-factor authentication to protect email and social media accounts, with an app or physical key rather than a one-time SMS passcode, which could be exploited by attackers. It also recommends using only email services from reputable providers with high privacy standards and encrypting as many communications as possible.

Sources: Trend Micro, Infosecurity Magazine, ZDNet, TechRadar, Oodaloop, InfoSecToday
