A hack-for-hire group first exposed in 2019 has expanded its focus to target organizations with business or political ties to Russia.
Dubbed Void Balaur, the cyber mercenary group has a history of launching cyberattacks against biotechnology and telecom companies going back to 2015. As many as 3,500 victims had been reported as of November 2021.
“Void Balaur […] primarily dabbles in cyber espionage and data theft, selling stolen information to anyone willing to pay,” Trend Micro said at the time.
The attacks carried out by the group are typically generic and opportunistic, aimed at gaining unauthorized access to widely used email services, social media, messaging, and corporate accounts.
Earlier this June, Google’s Threat Analysis Group (TAG) disclosed a series of credential theft attacks targeting journalists, European politicians, and nonprofits.
According to SentinelOne researcher Tom Hegel, Void Balaur also targets entities that can help pre-position or facilitate future attacks, in countries including Russia, the United States, the United Kingdom, Taiwan, Brazil, Kazakhstan, Ukraine, Moldova, Georgia, Spain, the Central African Republic and Sudan.
The hack-for-hire services linked to the group are said to be advertised under various personas such as Hacknet and RocketHack. Over the years, the operators have also offered remote device access, SMS records, and real-time location tracking.
Additionally, the attack infrastructure operated by Void Balaur encompasses over 5,000 unique domains that impersonate email websites, authentication services, and public service portals.
However, in what appears to be an operational lapse, one of the domains controlled by the group (accounts-my-mail-gmail[.]com) resolved in early 2022 to an IP address owned and operated by Russia's Federal Protective Service (FSO), suggesting a potential connection.
Void Balaur's attacks have targeted individuals and organizations worldwide, but campaigns launched in 2022 singled out people involved in business and political situations of interest to Russia.
The group also commonly uses highly reproducible phishing emails masquerading as municipal services or banks to trick targets into entering their account credentials after clicking a malicious link.
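The look-alike login domains described above, and the bank or municipal-service lures that deliver links to them, can be triaged mechanically. The following Python script is an added example and is not code from the article, Trend Micro or SentinelOne: it refangs a defanged indicator, extracts the registrable domain, and flags a domain as a look-alike when its owner label carries a brand name but the registrable domain is not one the brand actually owns. The brand list, the allowlist and the two-label public-suffix sample are illustrative assumptions; only accounts-my-mail-gmail[.]com is taken from the article, every other input is constructed.

```python
"""Triage of look-alike login domains (added example, not the article's code).
The brand tokens, allowlist and public-suffix sample below are assumptions."""
import re
from urllib.parse import urlsplit

# Assumed: brand names whose mail/login portals are frequently cloned.
BRAND_TOKENS = ("gmail", "google", "outlook", "yandex", "protonmail")
# Assumed: registrable domains that legitimately belong to those brands.
LEGIT_REGISTRABLE = {"gmail.com", "google.com", "outlook.com", "live.com",
                     "yandex.ru", "yandex.com", "proton.me", "protonmail.com"}
# Words lures use to look like an authentication flow.
AUTH_KEYWORDS = ("accounts", "account", "login", "signin", "auth", "verify",
                 "secure", "mail")
# Assumed: tiny public-suffix sample; production code should use a maintained
# list (for example the publicsuffix2 package) instead of this set.
TWO_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.br", "com.ua", "com.au"}


def refang(indicator: str) -> str:
    """Turn a defanged IOC (hxxp, [.], (.), {.}, [dot]) back into parseable text."""
    s = indicator.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}|\[dot\]", ".", s, flags=re.IGNORECASE)
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s


def hostname(indicator: str) -> str:
    """Extract the lower-cased host from a bare domain or a full URL."""
    s = refang(indicator)
    if "://" not in s:
        s = "//" + s  # lets urlsplit treat the leading token as the netloc
    host = urlsplit(s).hostname or ""
    return host.rstrip(".").lower()


def registrable_domain(host: str) -> str:
    """Naive eTLD+1: last two labels, or three when the suffix has two labels."""
    labels = host.split(".")
    if len(labels) < 2:
        return host
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def analyze(indicator: str) -> dict:
    """Classify an indicator as legitimate, lookalike, suspicious or no-match."""
    host = hostname(indicator)
    reg = registrable_domain(host)
    result = {"host": host, "registrable": reg, "brands": [],
              "auth_words": [], "verdict": "no-match"}
    if reg in LEGIT_REGISTRABLE:
        result["verdict"] = "legitimate"
        return result
    # Brand matching is done on the owner label of the registrable domain only:
    # "gmail.attacker.com" is impersonation, "accounts.google.com" is not.
    owner_label = reg.split(".")[0]
    result["brands"] = [b for b in BRAND_TOKENS if b in owner_label]
    # Auth keywords may sit in any label, including subdomains.
    host_tokens = [t for t in re.split(r"[.\-_\d]+", host) if t]
    result["auth_words"] = [w for w in AUTH_KEYWORDS if w in host_tokens]
    if result["brands"]:
        result["verdict"] = "lookalike"
    elif result["auth_words"]:
        result["verdict"] = "suspicious"
    return result


if __name__ == "__main__":
    # First indicator is the one reported in the article; the rest are constructed.
    samples = ["accounts-my-mail-gmail[.]com",
               "https://accounts.google.com/signin",
               "hxxps://gmail-login.co.uk/verify",
               "login.example.org",
               "example.com"]
    for s in samples:
        r = analyze(s)
        print(f"{r['verdict']:<11} {r['registrable']:<30} brands={r['brands']} "
              f"auth={r['auth_words']}")
```

Run over a feed of phishing URLs or newly registered domains, the `lookalike` verdict is the one worth alerting on; `suspicious` hits (an auth keyword with no brand) are noisy on their own and are better used to enrich other signals. The public-suffix handling is deliberately minimal so the script stays offline; swap it for a maintained list before relying on the registrable-domain split.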
“Void Balaur remains a highly active and evolving threat to individuals worldwide. It represents a clear example of the market,” said Hegel.