[BreachExchange] Researchers identify 'cybermercenary' group behind dozens of hacks
Terrell Byrd
terrell.byrd at riskbasedsecurity.com
Wed Nov 10 14:38:05 EST 2021
https://www.yahoo.com/now/void-balaur-cyber-mercenary-hacking-group-163522871.html

Hacking groups aren't always divided between state sponsorship and strictly
personal gain. Sometimes, they'll work for any customer with a large-enough
bank account. The Record reports that Trend Micro has identified Void
Balaur, a "cybermercenary" group that has struck both political and
commercial targets since 2015. It primarily steals data to sell to
whoever's willing to pay, whether that's a government or a fraudster.

Void Balaur was initially linked to attacks against human rights activists
and journalists in Uzbekistan. More recently, it attacked Belarusian
presidential candidates in 2020 and several political leaders in an unnamed
Eastern European country. However, the hacking outfit also targeted
executives and directors at a very large Russian company between 2020 and
2021, and has been attacking and selling data from telecoms, banks and
cryptocurrency users. The group has been linked to the on-demand hacking
site RocketHack.me.

It's not clear just where Void Balaur operates from, or whether it has
official government support. There's some overlap between Void's targets
and those of the Russia-backed APT28 (aka Fancy Bear or Pawn Storm), but
not enough to establish a clear link. And while the group has only ever
advertised its services on Russian-language sites, it's not necessarily
operating from Russia. We'd add that Russia usually turns a blind eye to
cybercriminals only so long as they don't attack Russian interests — Void
doesn't have problems attacking Russian businesses.

The study illustrates the difficulty in pinpointing the nature of some
hackers, let alone catching them. Cybermercenaries also pose a particularly
severe threat as they're often happy to attack any target without
reservations. It won't be surprising if there are more groups like Void
Balaur that have simply gone undetected.