Void Balaur hackers-for-hire collect political and commercial victims

Researchers say the hacker group, which works for money, has been actively attacking since 2015

Void Balaur offers data from various services like Gmail or Yandex. The hacker group lets malicious actors buy personal details linked to individuals and businesses in the telecommunications, financial, and political fields.

The hacker-for-hire group named Void Balaur has been stealing emails and private data from political and commercial victims for five years now.[1] Researchers[2] reveal that the group's financial and espionage goals pushed it to gather sensitive data and sell those records to customers. The actors are known to promote the service successfully on various Russian underground forums. The gang has targeted at least 3,500 individuals and organizations since 2015.

Void Balaur seems to be highly respected in these underground forums, as the feedback for their services is almost unanimously positive, with their customers pointing out the threat actor’s ability to deliver the requested information on time, as well as the quality of the data being provided.

Trend Micro's profile of the espionage activities notes that the threat group focuses on stealing private and sensitive data from businesses and individual victims, then selling the valuable information to interested customers. The hackers target businesses and people in sectors such as finance, medicine, biotechnology, telecommunications, and other fields where private data can become accessible.

Targets with access to personal and valuable data

The hackers particularly focus on public figures, journalists, presidential candidates, politicians, and company CEOs. Like any other financially motivated hacker group, they rely on targets who are executives or directors of companies. Data from telecoms, banks, and cryptocurrency users and traders can be extremely valuable.[3]

Trend Micro researchers report that the activity of this group dates back to 2015, but attacks that can be linked to the attackers started in 2017. The advertising campaigns for the services started in September that year. Later on, in 2018, paid advertisements for the Void Balaur services appeared on Russian-speaking forums, so customers could start obtaining data from sources like Gmail, Yandex, Protonmail, Telegram, and corporate mailboxes.[4]

Researchers revealed that targets included key engineers and individuals in management positions at particular telecommunication organizations located in Russia. Void Balaur attacks target different companies and people. Some investigation reports linked Void Balaur to attacks against human rights activists and journalists in Uzbekistan.[5]

Improving on services to gather more customers

Void Balaur advertises its hackers-for-hire service and gathers customers interested in buying these details about people and businesses. In 2019, the group started selling such private and personal data. Information was offered for $21-$124 apiece and included:

  • credit history;
  • passport information;
  • traffic police data like fines;
  • criminal records;
  • bank account details like balance;
  • tax service records;
  • traffic camera shots;
  • flight information;
  • weapon registration details.

Later on, the hackers altered their services and added data from cellular services, which can be even more valuable. It is unclear how the hackers obtained such details, but phone numbers, phone call and SMS records, call mapping, and SIM card location data were added to the list of offers.

According to investigations, more recent campaigns in September of this year showed a particular focus on the private email addresses of the former head of an intelligence agency, government ministers, and national parliament members of Eastern European countries.

Political figures, media organizations, journalists, and diplomats can be targeted by these Void Balaur phishing campaigns and other activities. Particular measures should be taken: using robust email services from reputable providers, focusing on high privacy standards, and enabling multi-factor authentication.

About the author
Jake Doevan - Computer technology expert

Jake Doevan is one of the News Editors for 2-spyware.com. He graduated from Washington and Jefferson College, Communication and Journalism studies.
