Cyber Mercenaries: Focus On Hackers-for-Hire

A hacker-for-hire operation offered by cyber mercenaries has targeted thousands of individuals and organisations around the world, in a prolific campaign of financially driven attacks first detected in 2015.

Trend Micro has published details of a new Russian-speaking cyber-mercenary group that has claimed around 3500 victims over the past six years. Human rights activists, journalists, politicians, telecommunications engineers and medical doctors are among those who have been targeted by the group.

Named “Void Balaur” after an evil creature from Eastern European folklore, the group also goes by the name “Rockethack” on underground Russian-language forums, where it has been advertising since 2018 to 100% positive reviews.

According to Trend Micro, Void Balaur focuses on compromising email and social media accounts and selling sensitive personal and financial information, including telecoms data, passenger flight records, banking data and passport details. “One of the threat actor’s primary services is hacking into the mailboxes of email providers and social media accounts.” In some cases, they can even provide complete copies of mailboxes that are stolen without any user interaction for a higher price, says the report.

Targets around the world range from Russian telecoms services to ATM vendors, financial services firms, medical insurers and even IVF clinics.

These are selected as they store lucrative personal and corporate information that can be sold at a relatively high price. The group charges over $800 for phone call records with cell tower locations, for example. “The group uses Russian underground websites to advertise their products and services, especially in forums such as Darkmoney and Probiv. Void Balaur appears to be highly respected in these underground forums, as the feedback for their services is almost unanimously positive, with their customers pointing out the threat actor’s ability to deliver the requested information on time, as well as the quality of the data being provided,” say Trend Micro.

Some of the group’s targets overlap with individuals targeted by the notorious Kremlin-backed Pawn Storm group, sometimes known as Fancy Bear, although it’s not thought the two groups are connected.

According to Trend Micro, phishing and malware are its main tools to compromise its victims. That makes multi-factor authentication (MFA), end-to-end encrypted apps, as well as robust email and corporate detection and response tools vital.

The proliferation of groups like Void Balaur is a consequence of a highly professional cyber crime economy, according to Trend Micro's threat research expert Feike Hacquebord. “Given the insatiable demand for their services and harboring of some actors by nation-states, they’re unlikely to go away anytime soon... The best form of defense is to raise industry awareness of the threat in reports like this one and encourage best practice cybersecurity to help thwart their efforts,” he said.

To protect against hacking campaigns, Trend Micro recommend using multi-factor authentication to protect email and social media accounts and to use an app or physical key rather than a one-time SMS passcode, which could be exploited by attackers. They also recommend only using email services from reputable providers with high privacy standards and that encryption should be used for as many communications as possible.

Sources: Trend Micro, Infosecurity Magazine, ZDNet, TechRadar, Oodaloop, InfoSecToday
