© 2022 CyberNews - Latest tech news,
product reviews, and analyses.


Google shares intelligence on hack-for-hire groups

Google’s Threat Analysis Group (TAG) shared information on a criminal segment that specializes in compromising accounts and exfiltrating data as a service – hack-for-hire groups.

According to TAG, hack-for-hire groups usually carry out attacks themselves, targeting a variety of users. Some of their victims include human rights activists, political activists, and journalists.

While some groups openly advertise their services, others keep a low profile and focus on espionage. For instance, Indian hack-for-hire firms have been observed working with freelance threat actors as well as third-party private investigative services. Their targets were broad and included an IT company in Cyprus, an educational institution in Nigeria, a fintech company in the Balkans, and a shopping company in Israel.

In turn, a Russian hack-for-hire actor known as 'Void Balaur' has previously targeted anti-corruption journalists, politicians across Europe, and various NGOs and non-profit organizations. Additionally, they targeted regular people who were not affiliated with any of the above-mentioned parties.

“These campaigns were similar regardless of target, consisting of a credential phishing email with a link to an attacker-controlled phishing page. The lures ranged from fake Gmail and other webmail provider notifications to messages spoofing Russian government organizations,” TAG explains.

The attacker’s website advertising its services was endorsed on Russian underground forums.

TAG has also reported its findings on the activity of a hack-for-hire group based in the United Arab Emirates, which primarily operates in the Middle East and North Africa. Its targets include government, education, and political organizations, such as Middle-East-focused NGOs in Europe and the Palestinian political party Fatah.

Unlike many other actors, this group uses a custom phishing kit that relies on Selenium, an open-source browser automation tool.

“Upon discovery, all identified websites and domains were added to Safe Browsing to protect users from further harm,” TAG concludes.
