Hacking For Hire: Google Blocks Dozens of Malicious Domains | Ron Benvenisti

Google’s Threat Analysis Group (TAG) just revealed that it blocked 36 malicious domains run by hack-for-hire groups from India, Russia, and the U.A.E.

I must have said this a thousand times: this is a people problem more than a computer problem. So, don’t click and you won’t get sick. Here are the details:

Hack-for-hire firms sell tools aimed at corporate users, activists, journalists, politicians, and other high-risk, high-profile users.

When their customers buy the spyware and deploy it, the real operators are the hack-for-hire vendors, who carry out the hack themselves in order to obscure the client’s role.

“The hack-for-hire landscape is fluid, both in how the attackers organize themselves and in the wide range of targets they pursue in a single campaign at the behest of disparate clients,” Shane Huntley, director of Google TAG, said in a report.

“Some hack-for-hire attackers openly advertise their products and services to anyone willing to pay, while others operate more discreetly selling to a limited audience.”

A shopping company in Israel was a recent victim of a hack-for-hire consortium.

As I have warned about countless times here on TLS, it starts with a phishing email carrying a malicious link; when clicked, it takes the user to an attacker-controlled phishing page that grabs the private credentials entered by the unsuspecting user.

Credential theft attacks targeting journalists, European politicians, and non-profits have been linked to Void Balaur, a cyber mercenary group first documented by Trend Micro back in November 2021.

Over the past five years, the collective is believed to have singled out accounts at major webmail providers like Gmail, Hotmail, and Yahoo! and regional webmail providers like abv.bg, mail.ru, inbox.lv, and UKR.net.

Phishing attacks, uncovered by Amnesty International as early as 2018, used bogus password reset pages to steal credentials from targets in government, education, and political organizations.

The initial compromise is then used to set up persistent access through legitimate email features: an account such as Gmail is quietly forwarded, for example, to a pre-owned account on a third-party mail provider. The user will never know the difference.
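One way a defender can look for that kind of silent forwarding is to audit every mailbox’s forwarding rules and flag those that send mail outside the organisation, scoring higher when the rule also hides the local copy. This is an added example, not code from the article or from Google TAG; the organisation’s domain, the rule records and the sample data are all constructed assumptions.

```python
import re
from dataclasses import dataclass

# Assumption (not from the article): the organisation's own mail domains.
ORG_DOMAINS = {"example.com"}


@dataclass(frozen=True)
class ForwardRule:
    user: str          # mailbox owner
    destination: str   # address the mail is sent to
    kind: str          # "auto-forward" (whole mailbox) or "filter" (matched mail only)
    hides_copy: bool   # rule also deletes/archives the local copy


@dataclass(frozen=True)
class Finding:
    user: str
    destination: str
    severity: str
    reason: str


def mail_domain(addr: str) -> str:
    """Return the lower-cased domain part of an address, or '' if malformed."""
    m = re.fullmatch(r"[^@\s]+@([^@\s]+)", addr.strip())
    return m.group(1).lower() if m else ""


def audit_forwarding(rules, org_domains=ORG_DOMAINS):
    """Flag rules that copy mail to an external domain; whole-mailbox forwards
    and rules that hide the local copy are rated high, the rest medium."""
    findings = []
    for r in rules:
        dom = mail_domain(r.destination)
        if dom and dom in org_domains:
            continue  # internal forwarding is not a persistence indicator
        reason = f"{r.kind} sends mail to external domain '{dom or 'malformed'}'"
        if r.hides_copy:
            reason += " and removes the local copy (user would not notice)"
        severity = "high" if (r.hides_copy or r.kind == "auto-forward") else "medium"
        findings.append(Finding(r.user, r.destination, severity, reason))
    findings.sort(key=lambda f: f.severity != "high")  # high first, stable order
    return findings


# Constructed sample rules, not real data.
SAMPLE_RULES = [
    ForwardRule("alice@example.com", "alice.backup@mail.ru", "auto-forward", True),
    ForwardRule("bob@example.com", "bob@example.com", "filter", False),
    ForwardRule("carol@example.com", "archive@inbox.lv", "filter", False),
]

if __name__ == "__main__":
    for f in audit_forwarding(SAMPLE_RULES):
        print(f"[{f.severity}] {f.user} -> {f.destination}: {f.reason}")
```

In practice the `ForwardRule` records would be populated from the mail provider’s admin audit export; the scoring logic stays the same.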
