Google's Threat Analysis Group Blocks Domains, Websites Used by Hack-For-Hire Groups


The Threat Analysis Group (TAG) of Google LLC reported on Thursday that it had blocked more than 30 fraudulent domains linked to international hacker groups from various regions, according to Silicon Angle.

To conduct corporate espionage attacks against businesses, human rights activists and journalists, these hack-for-hire groups have been actively targeting Gmail and Amazon Web Services Inc. accounts. The groups allegedly use known security vulnerabilities when executing opportunistic campaigns.

What Are the Hack-for-Hire Organizations Doing?

According to Bleeping Computer, operators that conduct attacks for compensation are known as "hack-for-hire" operators and are typically employed by a company providing such services. Some of them may also act as "freelance" threat actors. They differ from commercial surveillance providers, whose tools are used by the providers' customers to carry out attacks.

Politicians, journalists, human rights and political activists, as well as other high-risk users from around the world have all been victims of hack-for-hire gangs engaged in data theft and corporate espionage campaigns.

They are employed for their hacking abilities by clients who lack them or who wish to remain anonymous if the attacks are discovered and looked into.


Google TAG Is Actively Tracking These Fraudulent Groups

Google TAG is currently monitoring numerous hack-for-hire groups and their campaigns across a number of nations, including India, Russia, and the United Arab Emirates, as per Bleeping Computer.

A large number of threat actors with governmental support and financial motivations are also being tracked by Google TAG's team of security specialists, including dozens of vendors who provide spyware to governments all over the world.

Google TAG members Clement Lecigne and Christian Resell recently stated that TAG is currently tracking more than 30 vendors with varied levels of expertise and public exposure providing exploits or surveillance capabilities to government-backed entities.

Bleeping Computer, citing Reuters, also reported that Indian cyber-mercenaries have targeted the email inboxes of the targets' lawyers, around 1,000 attorneys at 108 different law firms, as well as at least 75 U.S. and European companies.

For instance, over the past decade, a group of hired Indian spies linked to offensive security providers Appin and Belltrox has orchestrated credential phishing campaigns against Saudi Arabian, United Arab Emirates (UAE), and Bahraini organizations in the government, healthcare, and telecom sectors.

In Europe and Russia, credential phishing attempts targeting journalists, politicians, and various NGOs and non-profit groups were linked to Void Balaur, a different hack-for-hire threat actor from Russia.

Last but not least, as per Bleeping Computer, a hack-for-hire organization based in the UAE linked to the creators of H-Worm, whose activity was also noted by Amnesty International, has mainly targeted political, educational, and governmental institutions in the Middle East and North Africa.

How Can You Protect Yourself From These Groups?

TAG uses the findings of this research to strengthen the safety and security of Google's products as part of its efforts to counter serious threat actors. According to Google TAG Director Shane Huntley, all discovered websites and domains were added to Safe Browsing to shield users from additional risk.

TAG urges any high-risk user to enable Advanced Protection and Google Account Level Enhanced Safe Browsing, as well as to keep all of their devices up to date. Additionally, Google's CyberCrime Investigation Group is providing law enforcement with pertinent information and indicators.


© 2024 iTech Post All rights reserved. Do not reproduce without permission.
