Posted on July 1, 2022 at 7:18 AM
Google’s Threat Analysis Group (TAG) has identified and blocked several dozen malicious websites and domains used by hack-for-hire groups. According to the tech giant’s cybersecurity unit, the groups are hired to compromise high-level targets worldwide.
Hack-for-hire threat groups operate differently from commercial surveillance vendors: they carry out the attack activities directly. They are generally hired by a company that offers such services, though in some cases they work as “freelance” threat actors, offering their hacking expertise to whoever needs it at a price.
They are employed on a short-term basis to work on certain hacking activities. The Google TAG team stated that several hack-for-hire groups can work on a single project, especially if the target is a large organization or an institution offering critical services.
They are usually hired for their hacking skills by clients who do not have such skills. In some cases, however, their clients are those who want to hide their identity in case the attack is detected during an investigation.
The Group Targets Both Individuals And Organizations
The hack-for-hire threat actors target both individuals and organizations in corporate and data theft campaigns. Individual targets are usually celebrities and well-known figures, including human rights and political activists, journalists, and politicians, as well as other people with large followings all over the world.
Shane Huntley, director at Google TAG, stated that the types of targets for hack-for-hire campaigns are different from the regular targets of many state-backed threat actors. The hack-for-hire attackers usually have different missions and targets.
Google’s TAG Tracks Several Hacker-For-Hire Services
In a recent hacking campaign, an Indian hack-for-hire operator was observed targeting a shopping company in Israel, a fintech company in the Balkans, an educational institution in Nigeria, and an IT firm in Cyprus. Google TAG said it is currently tracking several hack-for-hire companies from different countries and their hacking campaigns. These firms are spread across several regions, including the United Arab Emirates, Russia, and India.
A group of hack-for-hire companies in India has been linked to offensive security providers Appin and Belltrox. The group has been observed operating for the past 10 years and has successfully carried out credential phishing campaigns on US organizations. According to the report, the India-based company has been used to attack several US organizations in the telecom, healthcare, and government sectors. The group has also been observed in other places like Bahrain, Saudi Arabia, and the United Arab Emirates.
A recent report by Reuters revealed that Indian hackers have also tried to compromise no fewer than 75 European and US companies, three dozen media and advocacy groups, and several Western business executives. The groups have also been discovered to target more than 100 law firms and over 1,000 lawyers and attorneys.
The Google TAG team also revealed that another hack-for-hire cyberattack group from Russia, known as Void Balaur, carried out credential phishing attacks against politicians, journalists, and several other non-governmental organizations across Europe.
Additionally, another hack-for-hire group based in the UAE and linked to H-Worm’s developers was also identified. The activity of the group was discovered by Amnesty International earlier this year. According to reports, the group’s main focus is on political organizations and on educational and government institutions in North Africa and the Middle East.
Google TAG Team Advises Users To Apply Security Features
Huntley noted that, as part of his team’s efforts to fight threat actors, they use the results of their research to improve the overall security of Google’s products. After finding out about these malicious websites and domains, the team took immediate action to add them to Safe Browsing to offer more protection to users.
He added that the research and its findings are needed not only by users of Google products but by everyone who cares about their safety and security online. Following the findings, the Google TAG team has advised high-risk users to enable the Advanced Protection and Enhanced Safe Browsing features and to make sure that their devices are updated. Also, the CyberCrime Investigation Group will share important details with law enforcement agencies to offer further protection to users.
Huntley has also provided complete details of malicious domains Google blocked during the investigation of the hack-for-hire groups in the UAE, Russia, and India. More than 30 vendors with different levels of sophistication have been tracked by Google’s TAG this year.