Serviceteam IT Security News
An obscure Indian company operated a scheme targeting non-profits, banks, politicians and journalists all over the world, a report says

A hack-for-hire group targeted thousands of people and hundreds of organizations across six continents for several years, according to a report by Citizen Lab. The internet watchdog, based at the University of Toronto, tied the ring, dubbed “Dark Basin”, with high confidence to an Indian company called BellTroX InfoTech Services.

Over the course of an investigation that began in 2017, Citizen Lab found that Dark Basin was hired to conduct espionage campaigns against the opponents of their clients involved in high-profile criminal cases, advocacy campaigns and public events. These included prosecutors, senior politicians, journalists, CEOs, and non-profits. “This is one of the largest spy-for-hire operations ever exposed,” said Citizen Lab researcher John Scott-Railton in a statement for Reuters.

A large cluster of victims were linked to the #ExxonKnew campaign, which dealt with the oil giant’s alleged knowledge of climate change for decades. Some of the prominent targets that consented to being named are the Rockefeller Family Fund, the Climate Investigations Center, Greenpeace and the Conservation Law Foundation. Per a New York Times report (paywalled), the expose has prompted a federal criminal investigation in the US.

Dark Basin utilized a range of techniques in its attacks, notably phishing emails. These were sent out from various accounts, including self-hosted and Gmail accounts. The group also employed 28 unique URL shorteners to obfuscate phishing website addresses, with Citizen Lab being able to uncover almost 28,000 different long URLs that directed victims to phishing websites. The websites masqueraded as popular services, such as Facebook, LinkedIn and various email providers.

Interestingly, in some cases, the group left the source code of its phishing kit accessible. The code included references to logs and scripts, which held the records of all the interactions with credential phishing websites, as well as the usernames, passwords, and IP addresses used by the victims. This allowed the researchers to observe Dark Basin test their phishing links and credential theft kits.

Citizen Lab concluded that the campaigns were successful to some extent, especially due to their persistence. “For example, we found that some ‘high value’ targets were sent more than one hundred phishing attempts with very diverse content,” said the team.

Besides non-profits and individuals engaged in high-profile public events, Dark Basin was prolific in attacking targets across various industries, such as hedge funds and short sellers, global banking and financial services, legal services, the energy sector, and governments. The variety and number of targets show that cybercrime-as-a-service is a serious problem that should not be underestimated.

“We also encourage online platforms to be proactive in notifying users that have been targeted by such groups, such as providing detailed warnings beyond generic notifications to help enable targets to recognize the seriousness of the threat and take appropriate action,” said Citizen Lab.

What individuals and organizations can do to protect themselves is to follow cybersecurity best practices and keep educating themselves on the cyber-threats that are lurking in the shadows. Could you honestly say that you would be able to spot a phish? Indeed, why not take ESET’s cybersecurity awareness training?
