Google is Blocking Harmful Domain Names From Mercenary Hackers

  • By Patrick Ryan
  • Jul 04, 2022

The Google Threat Analysis Group, commonly referred to as TAG, recently revealed it blocked nearly 40 harmful domains controlled by mercenary hackers. Let's take a closer look at the disclosure and explore why it has significance.


Who is Behind the Harmful Domains?


The hackers behind the domains are likely from the Middle East, Russia, and India. However, no confirmation on the specific locations of the hackers involved in the attack is available. Many suspect the malicious domain hackers focused on the Middle East currently reside in the United Arab Emirates.


How is the Digital Attacks Performed?


The hack-for-hire companies responsible for the attack provide clients with the means necessary to conduct targeted attacks against businesses, politicians, journalists, and others. The clients buy spyware from commercial parties and deploy it on their own. Then, the operators responsible for the hack-for-hire attacks perform intrusions on behalf of clients to obfuscate their participation.  
Some hack-for-hire aggressors use the dark web to connect with eager buyers. Others conduct their operations more clandestinely, serving a relatively small but profitable client base.


Who Do the Attacks Target?


One of the latest hack-for-hire operators conducted by a party based in India allegedly zeroed in on IT businesses, educational institutions, shopping companies, fintech companies, and more. Several connections tie these hackers to credential phishing with the overarching aim of obtaining login details related to Gmail accounts, Amazon Web Services (AWS), and government agencies. The campaign centers on emails with rogue links. A click of such a spear-phishing message spurs a phishing page controlled by the attacker to steal credentials provided by users.  


The campaign’s targets include telecom businesses, healthcare businesses, governments, and other groups. According to Google, a firm referred to as Rebsec is behind the India-based attack. Rebsec stands for Rebellion Securities in Amritsar. It is interesting to note that the group’s website is often down. However, when the website is active, it advertises corporate espionage services.


Are any Other Parties Suspected of Contributing to the Threat?


Cyber security researchers have noted similar credential theft attacks targeting non-profit organizations, journalists, and European politicians tied to Void Balaur, an actor living in Russia. The connection was initially made by Trend Micro back in the winter of 2021. The phishing attacks rely on password reset lures to obtain credentials from political groups, educational institutions, and governmental agencies throughout the Middle East, North Africa, and possibly elsewhere.


How Can Businesses and Daily Computer Users Sidestep Such Threats?


If you own a domain name, keep tabs on this story as it develops.   When in doubt, err on the side of excessive digital protection than insufficient protection. If you have not yet added digital security safeguards to your computers and network, seize the opportunity to implement those protections. When in doubt, reach out to the industry experts to ensure your systems are adequately protected.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

Misconfigured Database Spurs Theft of 63 Million OneMoreLead Records

OneMoreLead, a business-to-business (B2B) marketing enterprise, suffered a significant data breach late last year. The marketing company left a database misconfigured, prompting the unintentional leaking of 63 million records. 

How to Prevent Data Loss from a Phone Scam

How to Prevent Data Loss from a Phone Scam

When you think of scams, you probably think of them as someone trying to trick you out of money. While data loss is typically not the primary goal of a scam, it can be the outcome.

UNM Health Data Breach

UNM Health Data Breach

The personal information of nearly 700,000 individuals was stolen in a data breach at the University of New Mexico Health. The data breach was revealed in the second half of 2021.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.