
The business of hackers-for-hire threat actors


Hackers for hire specialize in infiltrating email inboxes. Learn more about these cybercriminals and the threat they represent.


Illegal activity in cyberspace involves several kinds of threat actors. It is increasingly common to read about companies that sell offensive services such as spyware as a service or commercial network monitoring. Several other actors are government-backed. Another type of threat actor also exists: hackers for hire.

Google's Threat Analysis Group (TAG) published a report on this type of threat and how it works, providing examples of this ecosystem from India, Russia and the United Arab Emirates.


Who are hackers for hire?

Hackers for hire are professionals who conduct account intrusions (usually of mailboxes) and steal data as a service. They sell their services to people who don't have the skills or capacity to do so themselves.

While some companies openly advertise their services to anyone who pays, others keep a low profile and sell their services only to a limited audience.

Some hackers-for-hire operations also work with third parties, often private investigation services, that act as a proxy between the client and the threat actor. Such an operation may also choose to work with experienced freelancers rather than hiring them directly.

Indian hackers for hire

Google's TAG has chosen to share details on Indian hack-for-hire companies and says it is tracking an interwoven set of Indian hack-for-hire actors, many of whom previously worked for the Indian offensive security companies Appin Security and Belltrox (Figure A).

Image: Archive.org. Figure A: An email hacking service listed in the services provided by Appin Security in 2011.

TAG could link former employees of these two companies to Rebsec, a new company that publicly advertises corporate espionage on its commercial website (Figure B).

Figure B: Corporate espionage service shown on Rebsec’s commercial website.

Russian hackers for hire

A Russian hack-for-hire group has been tracked by the TAG team since 2017 and has been targeting journalists, politicians, NGOs and non-profit organizations, as well as everyday citizens in Russia and surrounding countries.

In those attack campaigns, the threat actor used credential phishing emails that looked the same no matter who the target was. The phishing sites that victims are led to may impersonate Gmail and other online email providers or Russian government entities.

A public website, launched in 2018, provided additional information and advertising for the service, which included breaking into email or social media accounts (Figure C).

Image: Archive.org. Figure C: Sample price for the services of a Russian hired hacker.

As is usual among Russian cybercriminals, the threat actor also highlighted positive reviews of its services from various well-known cybercrime marketplaces such as Probiv.cc or Dublikat.

United Arab Emirates hackers for hire

One hack-for-hire group tracked by TAG is mostly active in the Middle East and North Africa region, targeting government, education and political organizations, including Middle East-focused NGOs in Europe and the Palestinian political party Fatah.

The threat actor mainly uses Google or Outlook Web Access (OWA) password reset lures to steal valid credentials from its targets, using a custom phishing toolkit built on Selenium, a tool for automating tasks in web browsers.

Once an account is compromised, persistence is maintained by issuing an OAuth token to a legitimate email client such as Thunderbird or by linking the victim's Gmail account to another email account owned by the threat actor.

Interestingly, this threat actor can be linked to the original developer of the infamous njRAT malware, also known as Bladabindi, H-Worm or Houdini-Worm.
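The persistence steps described above (an OAuth grant to a mail client, or a linked external mailbox, after stolen credentials are used) leave traces a defender can correlate. The following Python detection is an added example, not taken from the TAG report or the original article; the event schema, field names, scope strings, domain and 24-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema
# (not any provider's real audit-log format).
EVENTS = [
    {"ts": "2022-07-01T08:00:00", "user": "alice@example.org", "type": "login", "known_device": False},
    {"ts": "2022-07-01T08:04:00", "user": "alice@example.org", "type": "oauth_grant",
     "app": "Thunderbird", "scopes": ["mail.full_access"]},
    {"ts": "2022-07-01T08:06:00", "user": "alice@example.org", "type": "linked_account_added",
     "address": "backup@mailbox.example"},
    {"ts": "2022-07-02T08:55:00", "user": "bob@example.org", "type": "login", "known_device": True},
    {"ts": "2022-07-02T09:00:00", "user": "bob@example.org", "type": "oauth_grant",
     "app": "Thunderbird", "scopes": ["mail.full_access"]},
    {"ts": "2022-07-03T10:00:00", "user": "carol@example.org", "type": "login", "known_device": False},
    {"ts": "2022-07-03T10:10:00", "user": "carol@example.org", "type": "oauth_grant",
     "app": "Calendar Sync", "scopes": ["calendar.read"]},
]

ORG_DOMAIN = "example.org"      # assumption: the organisation's own mail domain
WINDOW = timedelta(hours=24)    # assumption: correlation window after the login


def grants_mail_access(event):
    """True if the event gives another party standing access to the mailbox."""
    if event["type"] == "oauth_grant":
        return any(s.startswith("mail.") for s in event.get("scopes", []))
    if event["type"] == "linked_account_added":
        return not event["address"].lower().endswith("@" + ORG_DOMAIN)
    return False


def find_post_login_persistence(events, window=WINDOW):
    """Return (user, login_ts, event) for mail-access changes that follow
    a login from an unfamiliar device within the window."""
    findings, unfamiliar_login = [], {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["type"] == "login" and not ev.get("known_device", True):
            unfamiliar_login[ev["user"]] = ts
        elif grants_mail_access(ev):
            seen = unfamiliar_login.get(ev["user"])
            if seen is not None and ts - seen <= window:
                findings.append((ev["user"], seen.isoformat(), ev))
    return findings


if __name__ == "__main__":
    for user, login_ts, ev in find_post_login_persistence(EVENTS):
        print(f"{user}: {ev['type']} at {ev['ts']} follows unfamiliar login at {login_ts}")
```

Each finding marks an account whose authorized apps and linked or forwarding addresses should be reviewed, not just its password.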

Who do hackers for hire target?

The most common targets for these types of activities are political activists, journalists, human rights activists, and other high-risk users around the world.

Firms, lawyers and attorneys are also at risk because some hackers for hire are hired to target them before expected lawsuits or during litigation. They can also be targeted for corporate espionage and theft of industrial secrets.

Finally, any citizen can be targeted, as some hackers-for-hire operations offer low prices to compromise and provide access to any individual. A typical case is a husband or wife who wants to find information about ongoing problems and the like.

How to protect against hackers for hire

Most of these threat actors use phishing emails as a starting point and usually don't go beyond email compromise and data theft, which means they don't necessarily need any malware and rely instead on social engineering tricks.


There is a need to raise awareness about email scams and related fraud attempts. Multi-factor authentication should also be implemented when possible to add an extra layer of security against such attackers.

Google recommends that high-risk users turn on Advanced Protection and Google Account Level Enhanced Safe Browsing and make sure all devices are up to date.

Finally, no one should authenticate on a web page that opens from a click on a link in an email. The user should always navigate to the legitimate page of the service and authenticate there without using any links.

Disclosure: I work for Trend Micro, but the views expressed in this article are mine.


