Information about a well-known hacker-for-hire group that continues to attack organizations and individuals was released recently. Since it began operating in 2015, the mercenary group has targeted at least 3,500 individuals and organizations. Trend Micro researchers discovered the hackers and identified the group as Void Balaur, which offers its services on Russian-language forums under the nickname “Rockethack.” Starting in 2018, the cyber-mercenary group has been advertising its operations on Russian-language newsgroups and discussion boards.
The group’s most common services are breaching email and social media accounts, stealing sensitive personal information, and selling financial details. On occasion, the attackers also drop information-stealing malware onto the victims’ devices.
If you learn that adversaries have got hold of the data you are protecting, whether customer, proprietary, or other sensitive information, you should contact LIFARS immediately. When dealing with data breaches, time is of the essence, and the first 24 hours after discovery are critical. LIFARS handles data breaches with military precision and ensures that the root cause is found and eliminated, and that detailed forensics are performed to discover all compromised information.
NordPass researchers discovered this, among other things, when they analyzed data from public third-party breaches that affected Fortune 500 companies. Altogether, the data analyzed by NordPass experts included over 15 million violations across 17 different industries. It provided clear information on how Fortune 500 companies handle their passwords.
Targets Around The World
As part of its services, Void Balaur breaks into email accounts, steals data from them, and sells a wide variety of sensitive personal data belonging to targeted persons. This information often includes passport details, SMS messages, phone call records (including cell tower log data), caller identity and location, and details of purchased plane and train tickets for cross-border travel. Traffic camera shots, Interpol records, and credit reports are also among the types of information the group has acquired and sold to its customers.
The hacker-for-hire group targets politicians, human rights activists, dissidents, scientists, physicians, journalists, and engineers. Research results indicate that in over 18 months, Void Balaur has stolen data from more than 3,500 individuals. Unfortunately, some of them have been subjected to long-lasting and recurrent attacks. Politicians from Uzbekistan and Belarus and representatives from other nations, including Ukraine, Russia, Norway, France, Italy, and Armenia, were among those who experienced these grueling attacks.
Likewise, the group has been linked to attacks in Uzbekistan that Amnesty International documented last year as having harmed the lives of certain people in that country. Some victims felt intimidated enough by Void Balaur’s actions to flee their own countries and seek refuge elsewhere.
It was also discovered that Void Balaur had targeted the deputy director of a Russian telecom business, as well as senior network engineers at telecom companies in the United States and the United Kingdom, and the networks of a Russian manufacturer of cellular equipment and a radio navigation company.
How Much Do These Cybercriminals Make in a Month?
The information shows that these cybercriminals charge anywhere from $20 for a stolen credit card history to more than $800 for phone call data, including cell tower location information. Furthermore, the gang targets organizations that store sensitive and potentially lucrative information, such as telecommunication companies, ATM vendors, financial services companies, insurance companies, and even IVF clinics. Analyzing the data shows that the list of potential targets spans the whole globe. The group has also been documented targeting individuals, including journalists, human rights activists, scientists and medical professionals, telecommunications engineers, and bitcoin users. To achieve its goals, Void Balaur often employs email phishing in combination with information-stealing malware such as Z*Stealer or DroidWatcher.
Group’s Tactics Remain Unclear
Unfortunately, experts have not been able to determine how some of Void Balaur’s members gained access to some of the data that has been offered for sale over the previous several years. For example, while the group appears to have gained access to email accounts through credential phishing and, in some instances, zero-click zero-day exploits, the evidence indicates that in other instances it gained access to mailboxes without any user interaction at all.
Conceivable methods by which the group may have accomplished this include convincing key workers at some email service providers to sell the data intentionally, or hacking the accounts of key employees who had access to specific mailboxes. Alternatively, the threat actor may have compromised the accounts of law enforcement officers who had legal access to the affected mail, or it may have penetrated the email provider’s systems directly.
Similarly, it is not entirely clear how Void Balaur obtained sensitive and complete call records, both with and without cell tower information. Members of the gang may have paid insiders at telecom firms in exchange for the data. Another possibility to consider is that the threat actor breached accounts belonging to essential management staff and engineers at large telecom corporations.