Google Blocks Dozens of Malicious Domains Operated by Hack-for-Hire Groups
2022-06-30 22:05

Google's Threat Analysis Group on Thursday disclosed it had acted to block as many as 36 malicious domains operated by hack-for-hire groups from India, Russia, and the U.A.E. In a manner analogous to the surveillanceware ecosystem, hack-for-hire firms equip their clients with capabilities to enable targeted attacks aimed at corporates as well as activists, journalists, politicians, and other high-risk users.

"The hack-for-hire landscape is fluid, both in how the attackers organize themselves and in the wide range of targets they pursue in a single campaign at the behest of disparate clients," Shane Huntley, director of Google TAG, said in a report.

The Indian outfit, which Google TAG said it's been tracking since 2012, has been linked to a string of credential phishing attacks with the goal of harvesting login information associated with government agencies, Amazon Web Services, and Gmail accounts.

Google TAG attributed the Indian hack-for-hire actors to a firm called Rebsec, which, according to its dormant Twitter account, is short for "Rebellion Securities" and is based in the city of Amritsar.

Following the account compromise, the threat actor maintains persistence by granting an OAuth token to a legitimate email application like Thunderbird, generating an App Password to access the account via IMAP, or linking the victim's Gmail account to an adversary-owned account on a third-party mail provider.
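Each of the persistence paths in the paragraph above leaves a trace in the account's own settings, so a defender can audit for them. The following Python check is an added example, not part of the article or of Google's tooling: it runs over a constructed account snapshot whose field names, approved-app list and organisation domain are assumptions (the Gmail API scope strings are real), and flags mail-scoped OAuth grants, App Passwords, outside forwarding and IMAP being switched on.

```python
"""Audit a mailbox snapshot for the persistence mechanisms described above:
third-party OAuth grants with mail scope, App Passwords (IMAP/SMTP access),
forwarding to an outside address, and IMAP being enabled.

Added example for this page, not Google's or TAG's code. The snapshot layout
is an assumption modelled on what an admin can pull from the Gmail settings
API and the Workspace admin console; the data below is constructed.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Real Gmail API scopes that give an application broad mailbox access.
MAIL_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
}

@dataclass
class Finding:
    severity: str   # "high" or "medium"
    category: str   # "oauth", "app_password", "forwarding" or "imap"
    detail: str

def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))

def audit_account(snapshot: dict, org_domain: str, approved_apps: set,
                  now: datetime, recent_days: int = 30) -> list:
    """Return findings for settings an intruder could use to keep access."""
    findings = []
    cutoff = now - timedelta(days=recent_days)

    # 1. OAuth grants: a mail-scoped grant to an unapproved app is high; a recent
    #    mail-scoped grant even to an approved desktop client is worth a look,
    #    because an intruder can authorise a legitimate client just as easily.
    for grant in snapshot.get("oauth_grants", []):
        if not MAIL_SCOPES & set(grant["scopes"]):
            continue
        if grant["app"] not in approved_apps:
            findings.append(Finding("high", "oauth",
                f"unapproved app '{grant['app']}' holds a mail scope"))
        elif _parse(grant["granted_at"]) >= cutoff:
            findings.append(Finding("medium", "oauth",
                f"approved app '{grant['app']}' got a mail scope in the last {recent_days} days"))

    # 2. App Passwords bypass the interactive sign-in and its 2-Step Verification
    #    prompt, so every one is reviewed; recently created ones are high.
    for ap in snapshot.get("app_passwords", []):
        sev = "high" if _parse(ap["created_at"]) >= cutoff else "medium"
        findings.append(Finding(sev, "app_password",
            f"App Password '{ap['name']}' created {ap['created_at']}"))

    # 3. Forwarding: any address outside the organisation's domain, and
    #    auto-forwarding being switched on at all.
    fwd = snapshot.get("forwarding", {})
    for addr in fwd.get("addresses", []):
        if addr.rsplit("@", 1)[-1].lower() != org_domain.lower():
            findings.append(Finding("high", "forwarding",
                f"forwarding address outside the organisation: {addr}"))
    if fwd.get("auto_forward_enabled"):
        findings.append(Finding("high", "forwarding",
            f"auto-forwarding enabled to {fwd.get('target')}"))

    # 4. IMAP enabled is what makes the App Password route usable.
    if snapshot.get("imap_enabled"):
        findings.append(Finding("medium", "imap", "IMAP access is enabled"))

    return findings

# Constructed sample data (assumption): a mailbox touched a week before the audit.
NOW = datetime(2022, 6, 30, tzinfo=timezone.utc)
APPROVED_APPS = {"Google Chrome", "Mozilla Thunderbird"}
SAMPLE_SNAPSHOT = {
    "oauth_grants": [
        {"app": "Google Chrome", "granted_at": "2021-01-10T09:00:00Z",
         "scopes": ["https://www.googleapis.com/auth/userinfo.email"]},
        {"app": "Mozilla Thunderbird", "granted_at": "2022-06-22T03:14:00Z",
         "scopes": ["https://mail.google.com/"]},
    ],
    "app_passwords": [
        {"name": "Mail on my phone", "created_at": "2022-06-22T03:20:00Z"},
    ],
    "forwarding": {
        "addresses": ["backup.mailbox@third-party-mail.example"],
        "auto_forward_enabled": True,
        "target": "backup.mailbox@third-party-mail.example",
    },
    "imap_enabled": True,
}

if __name__ == "__main__":
    for f in audit_account(SAMPLE_SNAPSHOT, "example.org", APPROVED_APPS, NOW):
        print(f"[{f.severity:6}] {f.category:13} {f.detail}")
```

The approved-app allowlist and the 30-day window are policy knobs; the point of treating a recent grant to an approved client as a finding is that the third-party application in the paragraph above is legitimate software, so the name alone tells you nothing about who authorised it.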

The findings come a week after Google TAG revealed details of an Italian spyware company named RCS Lab, whose "Hermit" hacking tool was used to target Android and iOS users in Italy and Kazakhstan.


News URL

https://thehackernews.com/2022/06/google-blocks-dozens-of-malicious.html