Contents:
For more than five years, a hacker-for-hire company known as Void Balaur has been collecting emails and extremely sensitive material and selling it to customers with financial and espionage aims.
This prolific threat actor is advertising its services on Russian underground forums, with over 3,500 targets distributed across, practically, all continents.
The business plan of this actor, according to security experts at Trend Micro who are tracking Void Balaur’s activities, is to steal and sell it down the line to other interested consumers of such “[…] confidential and personal data of enterprises and individuals” .
Void Balaur is not only into hacking email mailboxes but is also in the business of selling the sensitive private information of its targets. This includes cell tower log data, passport details, SMS messages, and more. In addition, Void Balaur appears to target many organizations and individuals that are likely to have access to highly sensitive data on people.
Individuals and organizations in a variety of industries (telecommunications, retail, financial, medical, and biotechnology) are targeted, especially if they have access to large amounts of personal information.
Void Balaur’s Background
Although the earliest reference to Void Balaur dates back to September 2017, the hacking activities of this actor are thought to have started in 2015.
Void Balaur started to show its presence back in 2018 through paid adverts on Russian-speaking forums. On a list of these forums, one could find Darkmoney (carding), Probiv, Tenec (stolen credentials), and Dublikat.
Free webmail (Gmail, Protonmail, Mail.ru, Yandex, VK), social media (Telegram), and business email accounts were among the options available. Customers will be given copies of the hacked mailboxes by the hackers.
As reported by BleepingComputer, in 2019, the group’s services grew, with the company beginning to sell sensitive private data of Russian citizens for starting rates ranging from $21 to $124.
The data included passport and flight information, traffic camera snapshots, traffic police data (fines, car registration), weapon registration, criminal records, credit history, bank account balance and statements alongside tax service records.
One of the assumptions on how Void Balaur got into the possession of such info is unclear but authorities suspect that they bribed insiders at certain telecom companies.
Recent Activity
In September 2020, the group’s most recent action targeted political figures in Belarus, presidential contenders, and a member of the opposition party.
The hackers targeted “the private email accounts of a former director of an intelligence agency, five current government ministers (including the minister of defense), and two members of an Eastern European country’s National Parliament” in September 2021.
Other nations’ political officials and diplomats (Armenia, Ukraine, Kazakhstan, Russia, France, Italy, Norway, Slovakia), media organizations, and scores of journalists are all targets of Void Balaur’s phishing operation.
The beneficiaries of these attacks are unknown at this time.
If you liked this article follow us on LinkedIn, Twitter, YouTube, Facebook, and Instagram to keep up to date with everything about cybersecurity.
Dora is a digital marketing specialist within Heimdal™ Security. She is a content creator at heart - always curious about technology and passionate about finding out everything there is to know about cybersecurity.
