
Cyber mercenaries for money, attack campaigns around the world - Trend Micro warns - ZDNet Japan

Cybersecurity company Trend Micro reports that financially motivated cyber mercenaries are targeting individuals and organizations and running attack campaigns around the world.

The company's researchers named this hacker group "Void Balaur" after the many-headed dragon that appears in Slavic folklore. It targets human rights activists, journalists, politicians, communication engineers, doctors, and others.

 This cyber mercenary group seems to have been advertising their services on Russian-language forums since 2018. Its main services include breaking into email and social media accounts, as well as stealing and selling sensitive information such as personal and financial information. They may also install information-stealing malware on the victim's device.

The group doesn't care who it targets as long as the client pays. Only a handful of campaigns run at once, but Void Balaur focuses all its attention on those campaigns while they are running.

Feike Hacquebord, a senior threat researcher at Trend Micro, told ZDNet in the US before presenting his research at Black Hat Europe: "At most we target a dozen people a day, and usually more. Few, but they target high-profile people, including government ministers, members of parliament, and many media people and doctors."

The targeted individuals and organizations are scattered all over the world, including North America, Europe, Russia, and India. Many of the attacks are believed to be politically motivated and target people in countries where their human rights could be violated by the government if the victim's information is exposed.

Like other malicious hacking, Void Balaur campaigns often use phishing emails as a means of intrusion, with content customized for the victim. However, the group claims to be able to access some email accounts without any interaction with the user, and it charges a premium for this service compared to other attacks. The service appears to target multiple email providers in Russia.

Some campaigns run over a long period of time. For example, attacks targeting large Russian conglomerates lasted from at least September 2020 to August 2021. The targets were not just the owners of the companies, but also their families and all corporate executives under their umbrella.

This cyber mercenary group targets a wide range of victims in various industries at the request of its clients. What the victims have in common is that nearly all of these organizations and individuals have access to large amounts of sensitive data.


For example, one campaign targeted at least 60 doctors who perform in vitro fertilization. Medical care involves a lot of confidential information, and large amounts of money change hands. So it's possible that Void Balaur's commissioned work was ultimately about personal data, financial data, or both.

In another campaign, a senior engineer working for a mobile phone company was targeted. The campaign mainly targeted Russian companies, but also included Western companies. Compromising these targets would be useful in cyber espionage operations.

"If you compromise these engineers, you will have a foothold to break into that company. The same thing is happening with banks and Fintech companies, and key people are being targeted. It's a good fit for what Void Balaur wants to offer," Hacquebord said.

The researchers have not associated Void Balaur with any specific country or region. However, they pointed out that the group is active for long hours, from about 6 a.m. to 7 p.m. GMT. Because the people in this group work seven days a week and rarely take days off, the demand for their services may be enormous.

"The demand for the group is unstoppable, and considering that some attackers are being sheltered by the state, we can't expect them to disappear anytime soon. The report is designed to raise industry awareness of threats, encourage cybersecurity best practices, and thwart the machinations of groups seeking to deploy attacks," Hacquebord said.

Trend Micro researchers recommend using multi-factor authentication to secure email and social media accounts, to protect against hacking campaigns launched by cyber mercenaries and other malicious cyber criminals.

In addition, they encourage the use of email services from reliable providers with high standards for privacy protection, and applying encryption to as many communications as possible.

This article is from Red Ventures overseas and was edited by Asahi Interactive for Japan.