During an investigation, Trend Micro cybersecurity specialists identified the hacker group Void Balaur, which shows signs of a Russian connection. The group's activities are not limited to selling confidential data and hacking accounts: Void Balaur hackers have launched cyberattacks on human rights defenders, journalists, opposition figures and officials in about a dozen countries, according to the company's published report. For five years, Void Balaur remained in the shadows.
Investigators found out that one of the members of the group is a Russian-speaking hacker operating under the pseudonym Rockethack. He has extensive knowledge of the operation of telecommunication networks and Internet providers in the Russian Federation and other post-Soviet states.
As a motto, the Void Balaur hackers used a quote from Nikolai Kononov's book "The Durov Code. The real story of VKontakte and its creator": "Money is not the main thing in the free Internet. The main thing is the power that belongs to the one who controls the flow of information." Later, the group's motto was a quote from the book "Fake Mirrors" by science fiction writer Sergei Lukyanenko: "All information in the world is gossip. If you know how to listen to it, then you can learn and isolate the truth."
The earliest mention of Void Balaur and Rockethack found on underground hacking forums dates back to September 8, 2017. At that time, the group sent out spam advertising its services for hacking e-mail and social media accounts. Six months later, similar but now paid advertising appeared on the underground forums Darkmoney and Probiv. All the forums on which Void Balaur ads appeared are aimed at Russian-speaking users.
Since 2019, Void Balaur has been promoting the sale of important confidential information about Russian citizens. For example, it was possible to buy passport data for $21 and information about a particular person's flights for $124. Even more expensive were billing systems ($826), which make it possible to track whom a person called and where they were at the time.
Investigators speculate that the hackers may obtain such information through bribed employees of cellular operators. However, the possibility that Russian telecommunication systems were hacked is not ruled out either.
Investigators have suggested that Void Balaur was involved in phishing emails and cyber attacks that targeted human rights defenders, activists, journalists and the media in Uzbekistan. These attacks have been carried out since 2016.
Void Balaur's actions grew more daring. In 2020, the group's targets were two presidential candidates in Belarus. In September 2021, the hackers attacked private e-mail inboxes belonging to former and current high-ranking officials of an Eastern European country. The targeted mailboxes belonged to the former head of the intelligence service, five ministers, including the head of the Ministry of Defense, and two members of parliament.
Void Balaur hunted for data on politicians and officials in Ukraine, Slovakia, Russia, Kazakhstan, Armenia, Norway, France and Italy. "Some of the victims considered the threat so serious that they left their home countries and went into exile," the investigators say. Void Balaur operates not only in Europe, but also in the USA, Israel and Japan.
According to the investigators' findings, several areas are of particular interest to the hackers: mobile and satellite communications, the sale of ATMs, banking and finance (including the cryptocurrency market), health insurance, IVF centers in Russia, and biotechnology companies providing genetic testing services.
In 2021, the targets of Void Balaur attacks were, for example, over 50 employees of more than 20 Russian IVF clinics.