Trend Micro revealed details of a new group of Russian-speaking cyber-mercenaries responsible for at least 3,500 victims over the past six years.
Nicknamed “Void Balaur” after an evil creature in Eastern European folklore, the group goes by “Rockethack” on underground Russian-speaking forums, where it has been advertising since 2018 with 100% positive reviews.
According to Trend Micro's report, the outfit focuses on compromising email and social media accounts and selling sensitive personal and financial information, including telecommunications data, passenger flight records, banking data, and passport details.
Its global targets range from Russian telecommunications operators to ATM providers, financial services companies, medical insurers and IVF clinics. These are selected because they store lucrative personal and business information that can be sold for a relatively high price. The group charges over $800 for recordings of phone calls with cell tower locations, for example.
However, Void Balaur is also targeting journalists, human rights activists, politicians, scientists, doctors, telecommunications engineers, and cryptocurrency users.
Some of them overlap with individuals targeted by the notorious Kremlin-backed Pawn Storm group (APT28, Fancy Bear), although the two groups are not believed to be otherwise related.
According to Trend Micro, phishing and information-stealing malware are its main tools for compromising victims. This makes multi-factor authentication (MFA), end-to-end encrypted applications, “robust” email, and enterprise detection and response tools a must, the vendor said.
The proliferation of groups like Void Balaur is a consequence of a highly professionalized cybercrime economy, argued Feike Hacquebord, senior threat researcher at Trend Micro.
“Given the insatiable demand for their services and the hosting of some actors by nation states, they are unlikely to disappear anytime soon,” he added. “The best form of defense is to educate the industry about the threat in reports like this and encourage cybersecurity best practices to help thwart their efforts.”