A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia.
Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims had been reported as of November 2021.
“Void Balaur […] primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay,” Trend Micro noted at the time.
Attacks carried out by the group are typically both generic and opportunistic and are aimed at gaining unauthorized access to widely used email services, social media, messaging, and corporate accounts.
Earlier this June, Google’s Threat Analysis Group (TAG) took the wraps off a set of credential theft attacks targeting journalists, European politicians, and non-profits mounted by the threat actor.
“Void Balaur also goes after targets valuable for prepositioning or facilitating future attacks,” SentinelOne researcher Tom Hegel said, adding that the targets span Russia, the U.S., the U.K., Taiwan, Brazil, Kazakhstan, Ukraine, Moldova, Georgia, Spain, the Central African Republic, and Sudan.
The hack-for-hire service offering linked to the group is said to be marketed under different personas, such as Hacknet and RocketHack. Over the years, the operators have offered other services, including remote access to devices, SMS records, and real-time location tracking.
What’s more, the attack infrastructure operated by Void Balaur encompasses more than 5,000 unique domains that claim to be email websites, authentication services, and public services portals.
But in what appears to be an operational oversight, one of the domains managed by the group (accounts-my-mail-gmail[.]com) resolved in early 2022 to an IP address that is owned and operated by the Russian Federal Guard Service (FSO), suggesting a possible connection.
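Lookalike domains of the kind described above are usually shared as defanged indicators (with `[.]` in place of the dot). The following Python snippet is an added example, not code from the article or from any of the vendors it cites: it refangs such an indicator and flags it when a well-known brand token appears in a domain whose registrable part is not owned by that brand. The brand-to-owner table and the second-level-domain heuristic are assumptions made for the example; a production tool would use the Public Suffix List and a curated brand list.

```python
import re

# Constructed brand table (assumption for this example, not from the article):
# brand token -> registrable domains that legitimately carry that token.
BRAND_OWNERS = {
    "gmail": {"gmail.com", "google.com"},
    "google": {"google.com"},
    "outlook": {"outlook.com", "microsoft.com", "live.com"},
}

DEFANG_PATTERNS = (("[.]", "."), ("(.)", "."), ("[dot]", "."), ("{.}", "."))


def refang(indicator: str) -> str:
    """Turn a defanged indicator such as 'accounts-my-mail-gmail[.]com' into a plain lowercase domain."""
    domain = indicator.strip().lower()
    for defanged, plain in DEFANG_PATTERNS:
        domain = domain.replace(defanged, plain)
    return domain.strip(".")


def registrable_domain(domain: str) -> str:
    """Approximate the registrable domain as the last two labels.

    Simplification (assumption): real tooling consults the Public Suffix List so that
    multi-label suffixes such as co.uk are handled correctly.
    """
    labels = domain.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else domain


def classify_domain(indicator: str) -> dict:
    """Refang one indicator and report which brands it impersonates, if any."""
    domain = refang(indicator)
    reg = registrable_domain(domain)
    # Split every label on non-alphanumerics so 'accounts-my-mail-gmail' yields the token 'gmail'.
    tokens = set(re.findall(r"[a-z0-9]+", domain))
    impersonates = sorted(
        brand for brand, owners in BRAND_OWNERS.items()
        if brand in tokens and reg not in owners
    )
    return {
        "domain": domain,
        "registrable": reg,
        "impersonates": impersonates,
        "suspicious": bool(impersonates),
    }


def triage(indicators) -> list:
    """Classify a list of defanged indicators and return only the suspicious ones."""
    return [result for result in map(classify_domain, indicators) if result["suspicious"]]


if __name__ == "__main__":
    # Constructed sample feed: the article's domain plus two made-up benign entries.
    SAMPLE_FEED = [
        "accounts-my-mail-gmail[.]com",  # from the article
        "mail.google[.]com",             # constructed, legitimate owner
        "example[.]org",                 # constructed, no brand token
    ]
    for hit in triage(SAMPLE_FEED):
        print(f"{hit['domain']}: impersonates {', '.join(hit['impersonates'])}")
```

Feeding the flagged registrable domains into a DNS resolver log search or an email gateway blocklist is the usual next step; the script deliberately stops at classification so it runs offline.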
Though Void Balaur’s assaults are geared toward people and organizations the world over, campaigns mounted in 2022 have singled out individuals which might be concerned in enterprise and political conditions which might be of curiosity to Russia.
Additionally prevalent is the usage of extremely reproducible phishing emails that mimic native authorities providers or banks to trick targets into offering their account credentials upon clicking a malicious hyperlink.
“Void Balaur stays a extremely energetic and evolving menace to people throughout the globe. From the focusing on of well-known electronic mail providers to the providing of hacking company networks, the group represents a transparent instance of the hack-for-hire marketm,” Hegel stated.