With more than 3,500 targets in 18 months, the group of cyber-mercenaries Void Balaur has established itself as a benchmark in the world of cybercrime and cyberespionage.
Active since at least 2015, this Russian-speaking criminal organization is the subject of a report by Trend Micro, a security software company based in Japan.
On underground forums they are known as Rockethack.
But Feike Hacquebord, the author of the report, named them Void Balaur, after a legendary multi-headed creature in Eastern European folklore.
Among the victims of this organization are human rights activists, journalists and politicians.
Its members also target companies in the telecommunications, finance, biotechnology sectors and even ATM manufacturers.
Read alsoEurope must accelerate in the face of cyber risk
According to the report, the organization engages extensively in phishing, a well-known scam, in which the fraudster impersonates an organization so that the victim can enter their credentials and thus have their data stolen.
But it also sells copies of mailboxes that did not require any interaction with the original user, which leads to the assumption of the direct participation of accomplices in the companies.
Cyber-mercenaries with various targets
Hackers offer their services on clandestine forums where it is possible to see the extent of their offer: hacking of Gmail, Protonmail, Telegram, Vk accounts ... And the results of Void Balaur seem to be there, because on these same networks, almost unanimous feedback is positive, praising the quality of service and data collected.
The report shows that they are also specialized in the sale of personal data, mainly of Russian nationals: "
flight and travel data (passports and ticket purchases), financial records, pension funds or even SMS exchanges
", details Feike Hacquebord.
Read alsoThe Islamists adapt their cyber-crusade
This cyber espionage also targets strategic players around the world. One of the most important campaigns of these hackers is said to have targeted the private email addresses of five ministers and two members of parliament from an Eastern European country. They also recently targeted political figures in Kazakhstan, Ukraine, Slovakia, Russia, Norway, Armenia, Italy and France, says the report. Feike Hacquebord explains to the specialist site Dark Reading that their targets are varied: “
We see Void Balaur as a cyber-mercenary who can potentially be hired by anyone.
A target could be a local store in Moscow, a fashion designer in New York, a senior journalist, a doctor in Ukraine, a veterinary scientist in India, a medical scientist in Brazil, a military mercenary in South Africa, or a politician who saw no choice but to go into exile abroad.
The cybersecurity specialist, however, could not determine the number of members acting for Void Balaur, nor the identity of the organization's clients.