Cybersecurity researchers at BlackBerry say cybercrime-as-a-service schemes have captured the attention of nation states with active hacking operations, which now have the option to hire cybercriminals to carry out phishing, malware attacks or network breaches for money, ZDNet reports.
“The emergence, sophistication, and anonymity of crimeware-as-a-service means that nation states can mask their efforts behind third-party contractors and an almost impenetrable wall of plausible deniability,” according to the BlackBerry 2021 Threat Report.
The Bahamut hacking campaign, which targeted governments, private industry and individuals for several years through operations including phishing, social engineering and zero-day attacks, serves as an example of the level of sophistication cybercriminals can attain in their attacks, BlackBerry researchers said. They pointed out that the Bahamut hackers likely picked their targets based on profit and worked for various clients.
Bahamut remains active, with campaigns against government agencies across the Middle East, and has also been active in South Asia, mostly using smartphone-based attacks, the researchers said.
Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
Threat actors suspected to be linked to the North Korean advanced persistent threat operation Kimsuky have hijacked the eScan antivirus software's updating mechanism to deliver the sophisticated GuptiMiner malware, which would then distribute cryptocurrency mining payloads, according to BleepingComputer.
North Korean state-sponsored advanced persistent threat operations Lazarus Group, Kimsuky, and Andariel were noted by South Korea's National Police Agency to have targeted several South Korean defense industry entities since late 2022 in a bid to obtain intelligence regarding defense technologies, reports Security Affairs.
BleepingComputer reports that U.S., Germany, Japan, and UK systems have been subjected to ongoing attacks by suspected Vietnamese hacking group CoralRaider leveraging a content delivery network cache to facilitate the deployment of information-stealing payloads.