A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia.
Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims had been reported as of November 2021.
“Void Balaur […] primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay,” Trend Micro noted at the time.
Attacks conducted by the group are typically both generic and opportunistic and are aimed at gaining unauthorized access to widely used email services, social media, messaging, and corporate accounts.
Earlier this June, Google’s Threat Analysis Group (TAG) took the wraps off a set of credential theft attacks mounted by the threat actor against journalists, European politicians, and non-profits.
“Void Balaur also goes after targets useful for prepositioning or facilitating future attacks,” SentinelOne researcher Tom Hegel said, adding that the targets span Russia, the U.S., the U.K., Taiwan, Brazil, Kazakhstan, Ukraine, Moldova, Georgia, Spain, the Central African Republic, and Sudan.
The hack-for-hire service offering linked to the group is said to be marketed under different personas, such as Hacknet and RocketHack. Over the years, the operators have offered other services, including remote access to devices, SMS records, and real-time location tracking.
What’s more, the attack infrastructure operated by Void Balaur encompasses more than 5,000 unique domains that claim to be email websites, authentication services, and public services portals.
But in what appears to be an operational oversight, one of the domains managed by the group (accounts-my-mail-gmail[.]com) resolved in early 2022 to an IP address that is owned and operated by the Russian Federal Guard Service (FSO), suggesting a potential connection.
Although Void Balaur’s attacks are aimed at individuals and organizations across the world, campaigns mounted in 2022 have singled out people who are involved in business and political situations that are of interest to Russia.
Also prevalent is the use of highly reproducible phishing emails that mimic local government services or banks to trick targets into providing their account credentials upon clicking a malicious link.
“Void Balaur remains a highly active and evolving threat to individuals across the globe. From the targeting of well-known email services to the offering of hacking corporate networks, the group represents a clear example of the hack-for-hire market,” Hegel said.