Google’s Threat Analysis Group (TAG) blocks malicious domains and websites that hack-for-hire groups use to attack high-risk targets.
Hack-for-hire groups target individuals and organizations to steal data and conduct industrial espionage. Their victims in the past have included politicians, journalists, or human rights and political activists. In a recent campaign by an Indian hack-for-hire provider, an IT company in Cyprus, an educational institution in Nigeria, a fintech company in the Balkans and a purchasing company in Israel were attacked.
Currently, Google TAG is pursuing hack-for-hire companies from several countries. For example, a group of hired spies from India, have conducted phishing campaigns against government, healthcare and telecom organizations in Saudi Arabia, the United Arab Emirates (UAE) and Bahrain. Reuters also reports that Indian cyber-bots also attempted to hack at least 75 U.S. and European companies, three dozen advocacy and media groups, and numerous Western businessmen, as well as penetrate the email inboxes of targeted individuals’ lawyers.
Phishing attacks by Void Balaur
Another “hack-for-hire” threat actor from Russia, known as Void Balaur, has been linked to phishing attacks on credentials of journalists, politicians, and various NGOs and nonprofit organizations across Europe. Last but not least, a UAE-based hack-for-hire group linked to H-Worm’s developers, whose activities have also been detected by Amnesty International, has focused its attacks mainly on government, educational and political organizations in the Middle East and North Africa.
Google TAG experts use the results of their investigations to improve product security. Identified websites and domains are added to Safe Browsing to protect users from further harm. Google recommends high-risk users to enable advanced protection and advanced safe browsing at the Google account level and ensure that all devices are updated. In addition, Google’s CyberCrime Investigation Group shares relevant details and indicators with law enforcement.
Google TAG’s team of security experts also tracks a long list of state-sponsored and financially motivated threat actors, including dozens of surveillance vendors that sell their spyware to governments around the world.