Security News > 2020 > June > Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years
A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide - including advocacy groups and journalists, elected and senior government officials, and hedge funds - over the course of seven years.
"Citizen Lab has notified hundreds of targeted individuals and institutions and, where possible, provided them with assistance in tracking and identifying the campaign," according to a report on Dark Basin released by Citizen Lab researchers on Tuesday.
The group sent highly targeted phishing emails to its targets from a range of email accounts, including Gmail accounts and self-hosted accounts.
The use of URL shorteners for masking phishing sites is a staple for the group - researchers said that over 16 months, they observed 28 unique URL shortener services that were operated by Dark Basin.
Researchers said that they believe that in at least one case, Dark Basin repurposed a stolen internal email to re-target other individuals - leading them to conclude that Dark Basin had "Some success" in gaining access to the email accounts of one or more advocacy groups.