Russian, Indian, and U.A.E. hack-for-hire groups had up to 36 malicious domains disrupted by Google's Threat Analysis Group, reports The Hacker News.
Some of the blocked domains belonged to the Russian cybercrime operation Void Balaur, which has been launching credential theft attacks against European politicians, non-profits, and journalists, a Google TAG report showed. Moreover, Indian hack-for-hire operators linked to Rebsec have been identified as the perpetrators of credential phishing campaigns aimed at a Nigerian educational institution, a Cyprus IT firm, a Balkan fintech firm, and an Israeli shopping company.
Meanwhile, a U.A.E.-based threat group linked to the njRAT developers has been associated with phishing attacks targeting North American and Middle Eastern educational, government, and political entities.
"The hack-for-hire landscape is fluid, both in how the attackers organize themselves and in the wide range of targets they pursue in a single campaign at the behest of disparate clients. Some hack-for-hire attackers openly advertise their products and services to anyone willing to pay, while others operate more discreetly, selling to a limited audience," said Google TAG Director Shane Huntley.
English- and Russian-speaking Windows users are being targeted by the novel Mimic ransomware, which has been leveraging the APIs of the Everything file search tool to identify the files it will encrypt, reports BleepingComputer.
North Korean state-sponsored advanced persistent threat group TA444 has engaged in a credential harvesting campaign targeting the U.S. and Canada with OneDrive phishing emails beginning last month, according to SecurityWeek.