
Void Balaur Targets Russian Entities

A hacker-for-hire company that was originally revealed in 2019 has extended its scope to target victims with links to Russia in the political and corporate sector. 

Void Balaur is a very active hacker-for-hire cyber mercenary gang that is reported to attack a variety of known target groups worldwide. Its services have been seen for sale online since at least 2016. Those services include private data collection and access to particular online email and social media sites, including Gmail, Outlook, Telegram, Yandex, Facebook, Instagram, and corporate emails.

Google says that, since 2012, its Threat Analysis Group (TAG) has been keeping tabs on a diverse group of Indian hackers-for-hire, many of whom have worked briefly for Indian security companies Appin and Belltrox.

The gang often conducts attacks that are both general and opportunistic with the goal of getting illegal access to popular email services, social networks, communications, and corporate accounts.

According to reports, the hack-for-hire service provided by the gang is offered using a variety of guises, including Hacknet and RocketHack. The operators have offered additional services over the years, including real-time location tracking, SMS logs, and remote device access.

Furthermore, the attack infrastructure run by Void Balaur includes more than 5,000 distinct domains that present themselves as portals for public services, authentication services, and email websites.

The new targets span a wide range of industries, frequently with specific political or business ties to Russia. Additionally, Void Balaur seeks out targets useful for positioning or assisting upcoming attacks. Its targets are in the United States, Russia, Ukraine, and a number of other nations.

However, in early 2022, one of the group's managed domains resolved to an IP address that belongs to and is run by the Russian Federal Guard Service (FSO), indicating what appears to be an operational oversight and raising the possibility of a connection.

Although Void Balaur targets persons and organizations all over the world, ads launched in 2022 have targeted individuals who are active in political and business circumstances that are important to Russia.

The group commonly uses highly repeatable phishing emails that look like they are from banks or local governments to deceive recipients into clicking a malicious link and divulging their account information.

In September 2021, one of the group's most infamous efforts featured attacks that targeted the personal email accounts of lawmakers and government leaders of an Eastern European nation.

In keeping with its reputation as a cyber mercenary, Void Balaur does not confine itself to the geopolitical sphere. Nonetheless, employing and adopting the proper security measures will help in repelling cyber mercenary attacks.

"Void Balaur" Cyber Mercenary Group Unveiled by Trend Micro

 

In a prolific campaign of economically motivated attacks that has been running since 2015, a hacker-for-hire operation run by cyber mercenaries has attacked thousands of individuals and organizations throughout the world.

Human rights activists, journalists, legislators, telecommunications experts, and medical professionals are among those attacked by the gang, according to Trend Micro cybersecurity analysts. The group has been named Void Balaur, after a multi-headed beast from Slavic legend.

Since 2018, the cyber-mercenary gang has advertised its activities on Russian-language forums. Hacking into email and social media profiles, as well as obtaining and selling critical personal and financial information, are among the main services provided. The attacks also occasionally put information-stealing software onto victims' devices.

It appears to make little difference who the targets are, as long as those behind the attacks are compensated by their employers. Only a few missions are active at any one moment, but those that are command Void Balaur's undivided attention for the time being.

"There will just be a dozen targets a day, usually less. But those targets are high-profile targets -- we found government ministers, members of parliaments, a lot of people from the media, and a lot of medical doctors," said Feike Hacquebord, senior threat researcher for Trend Micro.

Among those attacked are a former intelligence chief and five active members of the administration in an undisclosed European country. People and institutions being targeted are located all over the world, including North America, Europe, Russia, and India, to name a few. 

Several of the cyberattacks seem to be politically motivated, aimed at persons in nations where the victim's human rights may be infringed by governments if they are revealed. Several Void Balaur attacks, like other harmful hacking activities, begin with phishing emails that are targeted at the selected victim. The organization claims to be able to get access to certain email accounts with no user input at all and to be selling this service at a premium fee compared to prior attacks.

Many campaigns run for a substantial amount of time. One such campaign, targeting an undisclosed huge conglomerate in Russia, remained active from at least September 2020 to August 2021 and targeted not only the owners of the enterprises but also their family members and senior members of all the enterprises within the corporate name.

"There's a set of companies owned by one person and his family members were targeted, the CEOs of the companies were being targeted, and that all happens over more than one year," said Hacquebord.