Indian hacker-for-hire firm wanted by FBI targeted ExxonMobil and others
Last week we reported on CloudEyE which was a legitimate Italian business helping hackers with spreading malware. Now, Citizen Lab has unveiled a major “hack-for-hire” operation based in India, as a legitimate, registered company.
The “multi-year investigation” by Citizen Lab revealed that the group targeted “advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries.”
The hacker group known as ‘Dark Basin’ had also been working on a campaign accusing ExxonMobil of hiding information about climate change it had known.
Researchers at Citizen Lab stated:
“Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.”
On discovering the information, Citizen Lab was quick to notify a large number of individuals and organisations targeted by the group. They additionally looped in Department of Justice (DOJ) and law enforcement bodies on the issue.
Citizen Lab was able to trace back the origins of ‘Dark Basin’ to an Indian company and individuals named in the report. Additionally, the timestamps found in hundreds of phishing emails appear to be in GMT+5:30 timezone, which corresponds to Indian Standard Time (IST).
“We link Dark Basin’s activity with high confidence to individuals working at an Indian company named BellTroX InfoTech Services (also known as “BellTroX D|G|TAL Security,” and possibly other names). BellTroX’s director, Sumit Gupta, was indicted in California in 2015 for his role in a similar hack-for-hire scheme.”
Detailed results of the investigation are available in the same report.
About the author
Sea Turtle Cyber Espionage Campaign Targets Telecommunication and IT Companies in the Netherlands 
Carbanak Banking Malware Resurfaces with Updated Tactics in Ransomware Attacks 
Theme park giant Parques Reunidos hit by a ransomware cyber attack 
Phishing kit screenshots your email domain on the fly to appear real 
Royal Mail online tracking returns — with a frustrating captcha that works half the time 
New convincing phishing campaign targets Booking.com and Blockchain.com customers 
Rogue WordPress plugin: Threat hunters uncover credit card skimming campaign targeting e-commerce sites 
Albanian Parliament and telco ‘One Albania’ suffer cyber attacks