• Researchers at Japanese company Trend Micro tracked the activities of an active group of Russian cyber-mercenaries, Void Balaur.

  • The hackers, who use malware, have stolen the personal data of more than 3,500 targets over a period of eighteen months.

  • Their cyber attacks targeted human rights activists, journalists, the media and websites covering political news.

  • The clients of Void Balaur are not known.

At the recent Black Hat Europe 2021 conference, a security vendor revealed a massive hack. The victims include politicians, doctors, dissidents, human rights activists and journalists. Researchers from the Japanese company Trend Micro followed the activities of this group of Russian-speaking cyber-mercenaries. They named it Void Balaur, in reference to a legendary multi-headed creature from Eastern European folklore.

By “cyber-mercenary” we mean a group of individuals who offer their customers, such as governments, criminal organizations and even businesses, different types of products and services on the Web, for a certain price.

“In theory, cyber-mercenaries can be used for non-malicious purposes, such as helping governments fight terrorism and organized crime,” says Trend Micro.

But, in reality, their services end up being used in attacks targeting their clients' adversaries.

In the report presented at the Black Hat Europe 2021 conference, the researchers described the Void Balaur group as having probably been active since September 2015.

Spying and selling personal data

Void Balaur's services consist of breaking into targeted people's email accounts and stealing sensitive personal data.

Passports, text messages, phone call recordings, caller and location information, tickets purchased for cross-border air and train travel, Interpol registrations, credit reports: the cyber-mercenaries then sell this information at a high price.

Trend Micro research shows that over an eighteen-month period, Void Balaur stole data from more than 3,500 targets.

Some victims have even left their country and gone into exile.

Researchers said they linked the hacks to attacks in Uzbekistan, which Amnesty International reported last year.

Human rights activists targeted

Trend Micro, eQualitie and Amnesty International reports mention attacks on human rights activists, journalists, media outlets and websites covering political news.

According to the researchers, Void Balaur would not hesitate to attack further media targets either.

The group attacked the former head of an intelligence agency, sitting ministers, members of the national parliament of an Eastern European country and even presidential candidates.

More recently, Void Balaur attacked political figures in Kazakhstan, Ukraine, Slovakia, Russia, Norway, Armenia, Italy and France, the report says.

Techniques and mystery shoppers

Trend Micro was unable to identify the threat group's customers. Likewise, the group's techniques and procedures are unclear. Phishing, hacking of accounts of law enforcement personnel, copies of mailboxes, hijacking of key employees of email providers... For the moment, researchers have not been able to identify how the members of Void Balaur managed to access some of the data offered for sale in recent years.

According to Amnesty International's report, Void Balaur allegedly used malware. Z*Stealer is one of them. It is designed to collect credentials from different types of software such as instant messaging applications, email clients, browsers, and remote desktop protocol programs. The group also uses DroidWatcher, another piece of information-stealing malware, which additionally has spying and remote monitoring capabilities that give its users access to sensitive location and communication information.

It is possible that these are not just one-off attacks, but a larger campaign waged on several fronts.

Furthermore, although apparently motivated by financial reasons, many campaigns could be motivated by the desire to cause disruption and conflict among their victims, the report concludes.
