In some kind of a prolific campaign of economically motivated attacks that has been continuing since 2015, a hacker-for-hire operation provided by cyber mercenaries has attacked thousands of individuals and organizations throughout the world.
Human rights activists, journalists, legislators, telecommunications experts, and medical professionals are among those attacked by the gang, according to Trend Micro cybersecurity analysts. It's been named Void Balaur, after a multi-headed beast from Slavic legend.
Since 2018, the cyber-mercenary gang has advertised its activities on Russian-language forums. Hacking into the email and social media profiles, as well as obtaining and selling critical personal and financial information, are among the main services provided. These attacks will also put information-stealing software onto victims' devices occasionally.
It appears that it makes little difference whoever the targets are, as long as those behind the assaults are compensated by their employers. Only a few missions are active at any one moment, but those that are, command Void Balaur's undivided attention for the time being.
"There will just be a dozen targets a day, usually less. But those targets are high-profile targets -- we found government ministers, members of parliaments, a lot of people from the media, and a lot of medical doctors," Feike Hacquebord, senior threat researcher for Trend Micro told.
Among those attacked are a former intelligence chief and five active members of the administration in an undisclosed European country. People and institutions being targeted are located all over the world, including North America, Europe, Russia, and India, to name a few.
Several of the cyberattacks seem to be politically motivated, aimed against persons in nations in which the victim's human rights may be infringed by governments if they are revealed.
Several Void Balaur attacks, like other harmful hacking activities, begin with phishing emails that are targeted at the selected victim. The organization claims to be able to get access to certain email accounts with no user input at all and to be selling this service at a premium fee compared to prior attacks.
Many campaigns run for a substantial amount of time. One such targeting an undisclosed huge conglomerate in Russia, for example, remained active from at least September 2020 to August 2021 and targeted not only the owners of the enterprises but also their family members and senior members of all the enterprises within the corporate name.
"There's a set of companies owned by one person and his family members were targeted, the CEOs of the companies were being targeted, and that all happens over more than one year," said Hacquebord.