Russian, Indian, and U.A.E. hack-for-hire groups had up to 36 malicious domains disrupted by Google's Threat Analysis Group, reports The Hacker News.
Some of the blocked domains were from Russian cybercrime operation Void Balaur, which has been launching credential theft attacks against European politicians, non-profits, and journalists, a Google TAG report showed. Moreover, Indian hack-for-hire operators linked to Rebsec have been identified as the perpetrators of credential phishing campaigns aimed at a Nigerian educational institution, a Cyprus IT firm, a Balkan fintech firm, and an Israeli shopping company.
Meanwhile, a U.A.E.-based threat group linked to njRAT developers has been associated with phishing attacks targeting North American and Middle Eastern educational, government, and political entities.
"The hack-for-hire landscape is fluid, both in how the attackers organize themselves and in the wide range of targets they pursue in a single campaign at the behest of disparate clients. Some hack-for-hire attackers openly advertise their products and services to anyone willing to pay, while others operate more discreetly selling to a limited audience," said Google TAG Director Shane Huntley.