Researchers uncover massive hack for hire operation

vlemon (76)in whalepower • 4 years ago

The report (extensively covered in the FT) stated that researchers from Citizen Lab found 28k web pages set up to steal passwords from hedge funds, government officials, lawyers, advocacy groups & journalists.
It is claimed this is the work of a group dubbed “Dark Basin”, which it is claimed carried out the hacking on behalf of clients. Dark Basin has been linked back to India.
The IT security company NortonLifeLock (previously Symantec) has reported a similar story, which they dubbed Mercenary.Amanda. They believe this group are responsible for persistent credential spearphishing attacks going back to 2013. Mercenary.Amanda behind wave of phishing attacks

Spearphishing attacks are where emails are sent to individuals in the target organisation with the aim of capturing sensitive information such as account credentials or financial information.
It is believed that in this case they used emails that mimicked notifications from online services or sent emails that contained material that would have embarrassed the recipient, encouraging them to click unsubscribe
*** In this case Dark Basin seemed to be targeting environmental & advocacy non profits, including Greenpeace, the Rockefeller Family Fund & the Union of Concerned Scientists. This has raised questions about who might has commissioned these attacks.**
The shift to working from home, driven by COVID disruption, has opened up an new market for this type of cyber risk.
Most analysts expect this type of attack to grow, giving a material tailwind to the cyber security sector.