Cyber Mercenary Group Void Balaur Continues Hack-For-Hire Campaigns

Written by

The cyber mercenary group, Void Balaur, continues expanding its hack–for–hire campaigns despite disruptions to its online advertising personas.

The new information comes from cybersecurity experts at SentinelLabs, who recently published an advisory detailing Void Balaur’s latest campaigns.

Written by senior threat researcher Tom Hegel, the document discusses the findings that SentinelLabs first unveiled at its LABScon event on Thursday.

“Void Balaur was first reported in 2019 (eQualitie), then again in 2020 (Amnesty International). In November 2021, our colleagues at Trend Micro profiled the larger set of malicious activity and named the actor 'Void Balaur' based on a monster of Eastern European folklore,” Hegel wrote.

“Most recently Google’s TAG highlighted some of their activity earlier this year. Building on top of analysis from each of our above colleagues, the purpose here is to share our analysis of interesting findings based on newer activity and the large scale set of attacker infrastructure.”

According to the advisory, Void Balaur campaigns in 2022 targeted several industries across the United States, Russia and Ukraine (among others), often with particular business or political interests tied to Russia.

The link would be reinforced by the fact that SentinelLabs spotted a “unique and short–lived connection” between the group’s infrastructure and the Russian Federal Protective Service (FSO).

“Attacks are often very generic in theme, may appear opportunistic in nature, and account for targets making use of multi–factor authentication,” Hegel explained.

Further, the group regularly tries to gain access to well–known email services, social media and instant messaging platforms and corporate accounts.

“Void Balaur remains a highly active and evolving threat to individuals across the globe,” SentinelLabs wrote.

“From the targeting of well–known email services to the offering of hacking corporate networks, the group represents a clear example of the hack–for–hire market. We expect this type of actor to be increasingly common to observe in the wild.”

The advisory comes months after HP released a report detailing how malware–as–a–service (MaaS) is creating a new cybercrime ecosystem.

What’s hot on Infosecurity Magazine?