Home Security Void Balaur Hackers-for-Rent Focusing on Russian Companies and Politics Entities

Void Balaur Hackers-for-Rent Focusing on Russian Companies and Politics Entities

by crpt os


A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia.

Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021.

“Void Balaur […] primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay,” Trend Micro noted at the time.

CyberSecurity

Attacks conducted by the group are typically both generic and opportunistic and are aimed at gaining unauthorized access to widely-used email services, social media, messaging, and corporate accounts.

Earlier this June, Google’s Threat Analysis Group (TAG) took the wraps off a set of credential theft attacks targeting journalists, European politicians, and non-profit’s mounted by the threat actor.

“Void Balaur also goes after targets valuable for prepositioning or facilitating future attacks, SentinelOne researcher Tom Hegel said, adding the targets span Russia, the U.S., the U.K., Taiwan, Brazil, Kazakhstan, Ukraine, Moldova, Georgia, Spain, Central African Republic, and Sudan.

The hack-for-hire service offering linked to the group is said to be advertised under different personas, such as Hacknet and RocketHack. Over the years, the operators have provided other services, including remote access to devices, SMS records, and real-time location tracking.

What’s more, the attack infrastructure operated by Void Balaur encompasses more than 5,000 unique domains that claim to be email websites, authentication services, and public services portals.

CyberSecurity

But in what appears to be an operational oversight, one of the domains controlled by the group (accounts-my-mail-gmail[.]com) resolved to an IP address that’s owned and operated by the Russian Federal Guard Service (FSO) in early 2022, suggesting a potential connection.

Although Void Balaur’s attacks are aimed at individuals and organizations across the world, campaigns mounted in 2022 have singled out people that are involved in business and political situations that are of interest to Russia.

Also prevalent is the use of highly reproducible phishing emails that mimic local government services or banks to trick targets into providing their account credentials upon clicking a malicious link.

“Void Balaur remains a highly active and evolving threat to individuals across the globe. From the targeting of well known email services to the offering of hacking corporate networks, the group represents a clear example of the hack-for-hire marketm,” Hegel said.





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex