Last week we reported on CloudEyE which was a legitimate Italian business helping hackers with spreading malware. Now, Citizen Lab has unveiled a major “hack-for-hire” operation based in India, as a legitimate, registered company.
The “multi-year investigation” by Citizen Lab revealed that the group targeted “advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries.”
The hacker group known as ‘Dark Basin’ had also been working on a campaign accusing ExxonMobil of hiding information about climate change it had known.
Researchers at Citizen Lab stated:
“Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.”
On discovering the information, Citizen Lab was quick to notify a large number of individuals and organisations targeted by the group. They additionally looped in Department of Justice (DOJ) and law enforcement bodies on the issue.
Citizen Lab was able to trace back the origins of ‘Dark Basin’ to an Indian company and individuals named in the report. Additionally, the timestamps found in hundreds of phishing emails appear to be in GMT+5:30 timezone, which corresponds to Indian Standard Time (IST).
“We link Dark Basin’s activity with high confidence to individuals working at an Indian company named BellTroX InfoTech Services (also known as “BellTroX D|G|TAL Security,” and possibly other names). BellTroX’s director, Sumit Gupta, was indicted in California in 2015 for his role in a similar hack-for-hire scheme.”
Detailed results of the investigation are available in the same report.