Google Threat Analysis Group (TAG) engineers have reported blocking dozens of malicious domains and websites that hired hackers used to attack targets around the world.
Unlike commercial spyware vendors, whose products are used by customers for their own attacks, hackers for hire are directly involved in the attacks and are usually hired by the companies that offer such services. As a rule, the services of hacker mercenaries are sought by clients who lack the necessary skills themselves or who need to hide their identity in case the attack is detected and investigated.
As a result, mercenary groups are used to attack individuals and organizations for data theft and corporate espionage, and their victims are often politicians, journalists, human rights activists, and political activists around the world.
“The range of goals in such campaigns differs from the operations of government hackers, who usually have well-defined missions and goals. For example, a recent recruitment campaign by an Indian hacker operator targeted an IT company in Cyprus, an educational institution in Nigeria, a fintech company in the Balkans, and a trading company in Israel.”
Currently, Google TAG analysts track several hack-for-hire firms (and their companies) in various countries, including India, Russia, and the UAE. For example, experts say a group of hired cyberspies from India, linked to offensive security vendors Appin and Belltrox, recently launched a phishing campaign aimed at stealing credentials in the government, healthcare, and telecommunications sectors of Saudi Arabia, the UAE, and Bahrain.
Another group of hacker mercenaries, Void Balaur, has been linked to phishing attacks against journalists, politicians, and various non-governmental and non-profit organizations across Europe.
Another hacker team, based in the UAE and associated with the developers of H-Worm, focuses mainly on attacks against government and educational institutions, as well as political organizations in the Middle East and North Africa.
“As part of our anti-malware efforts, we are using the results of our research to improve the security of our products. Once discovered, all identified sites and domains were added to Safe Browsing to protect users from further harm. In addition, our cybercrime investigation team shares relevant information and indicators of compromise with law enforcement,” the experts say.
Google TAG experts have published a complete list of the malicious domains blocked after investigating the activities of the hacking groups from India, Russia, and the UAE mentioned above.