Google is Blocking Harmful Domain Names From Mercenary Hackers
- By Steven
- Published: Jul 04, 2022
- Last Updated: Jul 04, 2022
The Google Threat Analysis Group, commonly referred to as TAG, recently revealed it blocked nearly 40 harmful domains controlled by mercenary hackers. Let's take a closer look at the disclosure and explore why it has significance.
Who is Behind the Harmful Domains?
The hackers behind the domains are likely from the Middle East, Russia, and India. However, no confirmation on the specific locations of the hackers involved in the attack is available. Many suspect the malicious domain hackers focused on the Middle East currently reside in the United Arab Emirates.
How is the Digital Attacks Performed?
The hack-for-hire companies responsible for the attack provide clients with the means necessary to conduct targeted attacks against businesses, politicians, journalists, and others. The clients buy spyware from commercial parties and deploy it on their own. Then, the operators responsible for the hack-for-hire attacks perform intrusions on behalf of clients to obfuscate their participation.
Some hack-for-hire aggressors use the dark web to connect with eager buyers. Others conduct their operations more clandestinely, serving a relatively small but profitable client base.
Who Do the Attacks Target?
One of the latest hack-for-hire operators conducted by a party based in India allegedly zeroed in on IT businesses, educational institutions, shopping companies, fintech companies, and more. Several connections tie these hackers to credential phishing with the overarching aim of obtaining login details related to Gmail accounts, Amazon Web Services (AWS), and government agencies. The campaign centers on emails with rogue links. A click of such a spear-phishing message spurs a phishing page controlled by the attacker to steal credentials provided by users.
The campaign’s targets include telecom businesses, healthcare businesses, governments, and other groups. According to Google, a firm referred to as Rebsec is behind the India-based attack. Rebsec stands for Rebellion Securities in Amritsar. It is interesting to note that the group’s website is often down. However, when the website is active, it advertises corporate espionage services.
Are any Other Parties Suspected of Contributing to the Threat?
Cyber security researchers have noted similar credential theft attacks targeting non-profit organizations, journalists, and European politicians tied to Void Balaur, an actor living in Russia. The connection was initially made by Trend Micro back in the winter of 2021. The phishing attacks rely on password reset lures to obtain credentials from political groups, educational institutions, and governmental agencies throughout the Middle East, North Africa, and possibly elsewhere.
How Can Businesses and Daily Computer Users Sidestep Such Threats?
If you own a domain name, keep tabs on this story as it develops. When in doubt, err on the side of excessive digital protection than insufficient protection. If you have not yet added digital security safeguards to your computers and network, seize the opportunity to implement those protections. When in doubt, reach out to the industry experts to ensure your systems are adequately protected.