Serviceteam IT Security News

Security researchers at Kaspersky have uncovered a new cyber-mercenary group that they claim has been providing hacking services for hire for almost a decade.

Dubbed “Deceptikons,” the APT group isn’t particularly sophisticated from a technical perspective and isn’t known to have deployed any zero-day threats during that time, the Russian AV vendor said in a Q2 round-up report.

“The Deceptikons infrastructure and malware set is clever, rather than technically advanced. It is also highly persistent and in many ways reminds us of WildNeutron,” the firm said.

Also known as Jripbot and Morpho, WildNeutron was known for targeting private companies for profit around the globe, most notably Apple, Facebook, Twitter and Microsoft in 2013. The threat actors behind the group were noted for the care they took in hiding command-and-control (C&C) server addresses and building in special features to help with recovery from any C&C shutdown attempts.

Like WildNeutron, Deceptikons is unusual among APT groups in focusing on commercial and non-governmental targets.

“In 2019, Deceptikons spear-phished a set of European law firms, deploying PowerShell scripts. As in previous campaigns, the actor used modified LNK files requiring user interaction to initially compromise systems and execute a PowerShell backdoor,” explained Kaspersky.

“In all likelihood, the group’s motivations included obtaining specific financial information, details of negotiations and perhaps even evidence of the law firms’ clientele.”

Hacker-for-hire groups represent a different but no less immediate threat to organizations than state-sponsored operatives. In some cases, they do go after government as well as commercial targets.

In June, Citizen Lab uncovered a major operation, Dark Basin, against journalists, rights groups, government officials, financial institutions and others, apparently orchestrated by an Indian tech firm. The mere presence of Dark Basin, as well as Deceptikons and groups like them, indicates there is a thriving market in the outsourcing of cyber-espionage activity.

Source: Infosecurity Magazine
