Hackers motivated by espionage and financial interests have targeted more than 2015 companies and private individuals since 3.500. Trend Micro has now exposed the cyber mercenary group "Void Balaur".
Trend Micro, one of the world's leading providers of cybersecurity solutions, publishes new research that reveals in detail how a group of hackers attacked at least 3.500 individuals and companies. The victims include human rights activists, journalists, politicians and technical executives in telecommunications companies.
Cyber mercenary group Void Balaur
“Cyber mercenaries are an unfortunate expression of today's cyber crime,” explains Feike Hacquebord, Senior Threat Researcher at Trend Micro. “Given the high demand for their services and the fact that nation states are giving refuge to some actors, it is unlikely that they will disappear from the scene anytime soon. The best defense is to use reports like this to raise awareness of the threat and also promote best security practices. "
The report by the Japanese security provider Trend Micro sheds light on the activities of a group of actors who call themselves “Rockethack” and which Trend Micro calls “Void Balaur” - named after an evil, multi-headed creature from Eastern European folklore .
Self-promotion in the Russian environment
At least since 2018, the group has only advertised in Russian-language forums and received positive reviews without exception. The focus is on two forms of activity: hacking email and social media accounts and selling highly sensitive personal and business information. This includes telecommunications, air passenger, bank and passport data. Void Balaur charges around $ 20 for stolen credit history, to $ 69 for traffic cameras, to $ 800 for recordings of phone calls with cell tower locations, for such activities.
Global destinations include telecommunications providers in Russia, ATMs manufacturers, financial service providers, health insurance companies and fertility clinics - companies that store highly sensitive and potentially lucrative information. The group also targets journalists, human rights activists, politicians, scientists, doctors, technical managers in telecommunications companies and users of cryptocurrencies.
Targeting diplomats, journalists and religious leaders
Over the years, their activities have grown bolder. The targets include the former head of a secret service, seven incumbent ministers and a dozen members of parliament in European countries. Some of their goals - including religious leaders, diplomats, and journalists - also overlap with the infamous group Pawn Storm (APT28, Fancy Bear).
Trend Micro connects thousands of indicators with Void Balaur, which are also available to companies as part of comprehensive threat intelligence. The group uses phishing tactics most often, and sometimes data-stealing malware such as Z * Stealer or DroidWatcher. In addition, the group offers to hack e-mail accounts without user interaction. However, it is unclear how you can do this - for example with the help of insiders or an attacked email provider.
More at Trendmicro.com
About Trend Micro As one of the world's leading providers of IT security, Trend Micro helps create a secure world for digital data exchange. With over 30 years of security expertise, global threat research, and constant innovation, Trend Micro offers protection for businesses, government agencies, and consumers. Thanks to our XGen™ security strategy, our solutions benefit from a cross-generational combination of defense techniques optimized for leading-edge environments. Networked threat information enables better and faster protection. Optimized for cloud workloads, endpoints, email, the IIoT and networks, our connected solutions provide centralized visibility across the entire enterprise for faster threat detection and response.