Rockethack, a cyber-mercenary outfit also known as Void Balaur, has been conducting attacks against high-profile targets around the globe, some of which have had real-world consequences.
Trend Micro has been investigating the group for more than a year and believes it has been active since 2015, focusing on cyber-espionage and data theft and selling stolen data to anyone willing to pay the right price. In a report published on Wednesday, Trend Micro said the group has targeted more than 3,500 people and companies, some of them repeatedly.
Countries where the email targets for Void Balaur were found. | Source: Trend Micro
In a research report titled Void Balaur: Tracking a Cybermercenary’s Activities, Feike Hacquebord, a security researcher at Trend Micro, looks in more detail at the group’s offerings, targets, links to other threat actors, and the possible impact on its victims.
The group came to Trend Micro’s attention after the company received a large number of phishing emails from a single source. Initially, the researchers believed they were the work of Pawn Storm, a Russian group that also goes by the names Fancy Bear, Sednit, and Strontium.
Although the emails were ultimately attributed to Void Balaur, the researchers found similarities between the two groups; Void Balaur’s targets and customers, however, were more varied.
Breaking into email and social media accounts is one of the group’s main services. In some cases it can even deliver a complete copy of a victim’s mailbox without any interaction from the user, although this comes at a higher price. This is particularly concerning, since it would require either an insider at the email provider or a full compromise of the provider’s infrastructure.
Beginning in 2019, Void Balaur started selling the private data of Russian citizens. The data on offer included:
- Passport and flight information
- Criminal records
- Credit history
- Account statements and balances
- Printouts of SMS messages
According to Trend Micro’s report, it is unclear how the group obtained such large amounts of data, particularly telecom data; compromising telecom engineers or the telecom systems themselves are both possibilities.
For advertising, the group relies on Russian underground forums such as Darkmoney and Probiv. It appears to be well regarded on these forums, with almost all reviews being favorable.
Void Balaur is credited with creating the EXMO phishing website. | Source: Trend Micro
Void Balaur has also targeted cryptocurrency exchanges and their staff, setting up various phishing sites to trick customers and gain access to their wallets. The cryptocurrency exchange EXMO has been one target of the group’s attacks.
Using external reports from eQualit.ie and Amnesty International, Trend Micro identified further victims, including human rights activists, journalists, media outlets, and political news websites. Several high-profile individuals were also targeted, including a former head of an intelligence agency, sitting government ministers, members of an Eastern European country’s national parliament, and even presidential candidates.
According to Amnesty International’s investigation, Void Balaur was also found using simple but specialized malware. Z*Stealer, for example, is designed to harvest credentials from a range of applications, including instant messaging apps, browsers, email clients, RDP programs, and cryptocurrency wallets.
DroidWatcher was another piece of malware linked to the group. Besides stealing data, it allows the operator to eavesdrop on victims and monitor them remotely.
When he’s not writing/editing/shooting/hosting all things tech, he streams himself racing virtual vehicles. Yadullah may be reached at [email protected], or you can follow him on Instagram or Twitter.