For more than five years a cyber mercenary group has seemingly flown under the radar, successfully hacking prominent targets, according to new research by Trend Micro.
In a research paper published Wednesday, Feike Hacquebord, senior threat researcher at Trend Micro, detailed the activities of the group, which he dubbed "Void Balaur." Those activities primarily consisted of cyberespionage and data theft across a variety of countries. While the hackers-for-hire primarily utilized conventional phishing attacks and "seemingly simple" malware such as Z*Stealer and DroidWatcher, they were successful in targeting more than 3,500 victims.
Trend Micro was the first to reveal a more comprehensive picture of this cyber mercenary group, which it suspects has been active since 2015. However, Amnesty International released a report last year, as did Deflect Labs in 2019; both reported incidents in Uzbekistan against reporters and civil rights activists.
Following a year-long investigation, Trend Micro researchers discovered an even broader group of targets, including Russian medical insurance organizations and in-vitro fertilization clinics, ATM vendors and mobile telecom companies. The medical targets came as no surprise, Hacquebord said, due to the amount of money and personally identifiable information involved.
While the group includes a Russian-speaking threat actor known as "Rockethack," Hacquebord said it's unlikely Void Balaur is a nation-state threat group. Because the targets were quite distributed across a number of countries including Russia, Trend Micro attributed the activity to cyber mercenaries.
Regarding the attacks on Uzbek-related media and civil rights activists, which began in 2016, Trend Micro researchers found that a client was able to buy the mercenary group's services even bef ..
Support the originator by clicking the read the rest link below.
