Wednesday, August 10, 2022
LetsAskBinu.com
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things
No Result
View All Result
LetsAskBinu.com
No Result
View All Result
Home Cybersecurity

Google Blocks Domains of Hack-for-Hire Groups in Russia, India, UAE

Researcher by Researcher
July 4, 2022
in Cybersecurity
0
High-Severity Flaw in Argo CD is Information Leak Risk
189
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


A blog post published by Google’s Threat Analysis Group on Thursday describes the activities of hack-for-hire gangs in Russia, India and the United Arab Emirates.

The internet giant has added more than 30 domains used by these threat groups to its Safe Browsing mechanism, which prevents users from accessing them.

Hack-for-hire groups are often conflated with entities offering surveillance tools. Google has pointed out that surveillance vendors typically provide the tools needed for spying but leave it up to the end user to operate them, while hack-for-hire groups conduct the attacks themselves.

Several hack-for-hire groups have been identified in the past years. Google’s analysis focuses on three groups believed to be operating out of India, Russia and the UAE.

The threat actor linked to India has been tracked by Google since 2012, with some of its members believed to have previously worked for offensive security providers. They now appear to be working for Rebsec, a new company that openly advertises corporate espionage services.

The group has been spotted targeting healthcare, government and telecom organizations in the Middle East, with attempts to phish credentials for AWS, Gmail and government services accounts.

The Russia-linked threat actor, tracked by others as Void Balaur, has targeted journalists, politicians, NGOs and nonprofits, as well as people who appeared to be everyday citizens located in Russia and surrounding countries. These attacks also involved phishing.

“After the target account was compromised, the attacker generally maintained persistence by granting an OAuth token to a legitimate email application like Thunderbird or generating an App Password to access the account via IMAP. Both OAuth tokens and App Passwords are revoked when a user changes their password,” explained Shane Huntley, director of Google’s Threat Analysis Group.

This group also had a public website at one point, which it used to advertise social media and email account hacking services.

The UAE group is mostly active in North Africa and the Middle East, mainly targeting government, political and educational organizations. This threat actor also relies on phishing emails, but uses a custom phishing kit, unlike many other groups, which rely on open source phishing frameworks.

“After compromising an account, the actor maintains persistence by granting themselves an OAuth token to a legitimate email app like Thunderbird, or by linking the victim Gmail account to an attacker-owned account on a third-party mail provider. The attacker would then use a custom tool to download the mailbox contents via IMAP,” Huntley said.

Google believes that Mohammed Benabdellah, an individual sued by Microsoft in 2014 over the development of the H-Worm (njRAT) malware, is linked to the group.

Related: North Korean Threat Actors Acted as Hackers-for-Hire, Says U.S. Government

Related: Hack-for-Hire Group Targets Financial Sector Since 2012

Related: ‘Dark Basin’ Hack-for-Hire Group Targeted Thousands Worldwide

Related: Smoke and Mirrors – Hack-for-Hire Group Builds Fake Online Empire

view counter

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Previous Columns by Eduard Kovacs:
Tags:





Source link

Related articles

Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022
Tags: blocksDomainsGooglegroupsHackForHireIndiaRussiaUAE
Share76Tweet47

Related Posts

Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
0

A former Twitter worker was found guilty on Tuesday of spying for Saudi officials keen to unmask critics on the...

How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022
0

Learn how to reset your Windows 10 password whether you use a Microsoft Account or a local account. Uh-oh, you’ve...

VMware Warns of Critical Authentication Bypass Flaw

Exploit Available for Critical VMware Bug CVE-2022-31656

August 9, 2022
0

The researcher who discovered two critical vulnerabilities in VMware ONE Workspace Access has released a proof-of-concept exploit for one of...

High-Severity Flaw in Argo CD is Information Leak Risk

Privya Emerges From Stealth With Data Privacy Code Scanning Platform

August 9, 2022
0

Privya emerged from stealth mode on Tuesday with a data privacy-focused code scanning platform and $6 million in seed funding....

How older security vulnerabilities continue to pose a threat

How older security vulnerabilities continue to pose a threat

August 9, 2022
0

Security flaws dating back more than 10 years are still around and still pose a risk of being freely exploited,...

Load More
  • Trending
  • Comments
  • Latest
Brave browser’s Tor mode exposed users’ dark web activity

Brave browser’s Tor mode exposed users’ dark web activity

February 18, 2022
This Week in Fintech: TFT Bi-Weekly News Roundup 08/02

This Week in Fintech: TFT Bi-Weekly News Roundup 15/03

March 15, 2022
QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

QNAP Escalation Vulnerability Let Attackers Gain Administrator Privileges

March 15, 2022
A first look at threat intelligence and threat hunting tools

A first look at threat intelligence and threat hunting tools

March 15, 2022
Beware! Facebook accounts being hijacked via Messenger prize phishing chats

Beware! Facebook accounts being hijacked via Messenger prize phishing chats

0
Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

Shoulder surfing: Watch out for eagle‑eyed snoopers peeking at your phone

0
Remote work causing security issues for system and IT administrators

Remote work causing security issues for system and IT administrators

0
Elementor WordPress plugin has a gaping security hole – update now – Naked Security

Elementor WordPress plugin has a gaping security hole – update now – Naked Security

0
UK Fintech News Round-Up: The Latest Stories 02/03

UK Fintech News Roundup: The Latest Stories 10/08

August 10, 2022
Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

August 10, 2022
How to reset your Windows 10 password when you forget it

How to reset your Windows 10 password when you forget it

August 10, 2022

Recent Posts

UK Fintech News Round-Up: The Latest Stories 02/03

UK Fintech News Roundup: The Latest Stories 10/08

August 10, 2022
Musk Threatens to Walk Away From Twitter Deal

Jury Finds Ex-Twitter Worker Spied for Saudi Royals

August 10, 2022
MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

MAS Confirms the Return of Singapore Fintech Festival 2022 as an In-Person Event

August 10, 2022

Categories

  • Cyber Threats
  • Cybersecurity
  • Fintech
  • Hacking
  • Internet Of Things
  • Malware
  • Networking
  • Protection

Tags

Access Android attack Attacks banking BiWeekly bug Cisco critical Cyber Cybersecurity Data devices Digital exploited financial Finds Fintech Flaw flaws Google Group Hackers Krebs Latest malware Microsoft million Network News open Payments phishing Ransomware RoundUp scams security Software TFT Threat vulnerability warns Week Windows zeroday

© 2022 Lets Ask Binu All Rights Reserved

No Result
View All Result
  • Home
  • Cybersecurity
  • Cyber Threats
  • Hacking
  • Protection
  • Networking
  • Malware
  • Fintech
  • Internet Of Things

© 2022 Lets Ask Binu All Rights Reserved