A highly sophisticated gang, Russian in origin but globally active, has been behind a major on-demand espionage campaign active since at least 2018. The group has been named Void Balaur, in reference to a mythical creature from Slavic folklore, and has reportedly already carried out attacks against influential personalities even in Brazil, although Europe and North America are the main focus of its operations.
On dark web forums, the criminals offer services that revolve around obtaining personal, financial, and sensitive information. To achieve this, they use malware that logs keystrokes and what appears on the device screen, send fraudulent emails, and break into email accounts and social media profiles, passing the obtained data to their contractors. Those responsible for the attacks don’t care who the targets are: Trend Micro's research describes both ordinary people and high-profile targets such as politicians, researchers, activists, telecommunications company engineers, doctors, and diplomats.
According to the Trend Micro research, at least five members of a single European government, as well as an intelligence official, were singled out in a targeted campaign. The political focus also appears in incidents recorded in countries like India, the United States, and even Russia itself. The exact content of these attacks is not known, and researchers also cite the offer of a “premium” service in which the criminals would be able to break into accounts without the need to deploy malware or use fraudulent emails.
Cases of industrial espionage are also reported, such as attacks on a Russian conglomerate that lasted nearly a year and targeted not only executives but also their families. The idea is that the information would be used in commercial decisions and market movements as well as in extortion, especially when data such as criminal records, personal expenses, and browser histories are obtained and passed on to third parties. The same goes for another campaign, in which 60 doctors were the focus, including the leak of medical records and details of patient treatment.
One concern raised by Trend Micro is how the information obtained in the attacks will be used, especially when the targets are infrastructure companies. One of the incidents, for example, targeted engineers at a large telecommunications company; while Void Balaur’s criminals themselves only work on obtaining data, the exact motivation of their contractors, which may even include nation-states involved in espionage efforts, is not known.
For experts, the so-called “digital mercenaries” are yet another reflection of the current cybercrime economy, which has made hacking and compromising networks highly profitable. Alongside ransomware and denial-of-service attacks, the view is that such services can become a trend, both because they keep those originally responsible for the operations confidential and because they open the door to attacks by those without the knowledge needed to carry them out themselves.
Source: Trend Micro, ZDNet