Since 2015, a cyber mercenary hacker-for-hire group known as “Void Balaur” has been linked to a string of cyberespionage and data theft operations targeting thousands of entities, including human rights activists, politicians, and government officials worldwide, carried out for financial gain while the group remained anonymous.
The adversary is named after a many-headed dragon from Romanian folklore. It was discovered promoting its services in Russian-language underground forums as far back as 2017 and trading large collections of sensitive data such as cell phone tower logs, credit reports, passenger flight records, SMS communications, financial data, and passport details. The threat actor also goes by the name “Rockethack”.
In a newly released profile of the collective, Trend Micro analyst Feike Hacquebord said that the hacker-for-hire organization does not operate out of a physical structure and does not have a gleaming brochure that advertises its services.
Hacquebord further said that the organization does not attempt to justify its operations to stay out of legal trouble, nor does it file lawsuits against anyone who reports on its activities. Instead, the gang is very forthright about what it does: hacking into email and social media accounts for financial gain.
Apart from receiving near-unanimous positive feedback on the forums for its ability to provide high-quality information, Void Balaur is suspected of focusing on cryptocurrency exchanges by creating a slew of phishing sites to deceive cryptocurrency exchange users and gain unauthorized access to their wallets. Furthermore, the mercenary group has used Z*Stealer, an information stealer, and Android spyware like DroidWatcher on its targets.
The intrusion set used by Void Balaur has been seen against a diverse array of people and organizations, including journalists, human rights activists, politicians, scientists, IVF clinic physicians, genomics and biotechnology corporations, and telecom engineers. According to Trend Micro, the organization targeted approximately 3,500 email accounts.
The majority of the group’s targets are in Russia and nearby countries such as Ukraine, Slovakia, and Kazakhstan, with victims also reported in the United States, Israel, Japan, India, and European countries. Telecom providers, satellite communication businesses, and fintech enterprises have been targeted, as have ATM suppliers, point-of-sale (PoS) vendors, and biotech firms.
According to the researchers, Void Balaur goes for the most sensitive and confidential data of corporations and individuals, then sells it to anyone who wants to pay for it. The rationale for the targeting of these people and organizations is yet unknown.
To reduce exposure to attacks of this kind, use two-factor authentication (2FA) through an authenticator app or a hardware security key, use applications that provide end-to-end encryption (E2EE) for email and messaging, and permanently delete old, unwanted messages so that a compromised account yields less data.