Summary:
Over the span of a decade, an Indian hack-for-hire group, initially operating under the guise of an educational startup, has been exposed for conducting extensive espionage and surveillance operations. The researchers' in-depth analysis revealed that the group targeted the U.S., China, Myanmar, Pakistan, Kuwait, and other nations. The group's origins trace back to a research firm that began as an offensive security training provider but had concurrently been engaging in covert hacking activities since at least 2009.
The Indian hack-for-hire group, initially operating as an educational startup, exhibited a multifaceted approach to cyber operations. The researchers' analysis identified the group's flagship tool, "MyCommando" (also known as GoldenEye or Commando), which provided customers with a comprehensive suite of capabilities, including the ability to log in and access campaign-specific data, communicate securely, and select tasks ranging from open-source research to trojan campaigns. The group's tactics combined social engineering, phishing, and data exfiltration, with notable use of malicious domains to host the malware delivered through phishing emails. Moreover, the group made use of a California-based freelancing platform, later known as Upwork, to purchase malware from external developers, showing a strategic blend of in-house development and external resourcing to augment its hacking arsenal.
The group's global reach was evident in its state-sponsored attacks targeting China and Pakistan, alongside instances of domestic targeting involving the theft of email credentials from Sikhs in India and the U.S. The use of spyware and exploit services from private vendors such as Vervata, Vupen, and Core Security further emphasized the group's diverse toolkit. While the organization's operations were described as at times informal and technically crude, the findings underscored its remarkable tenacity and its ability to execute successful attacks on behalf of a wide-ranging clientele. The interconnected nature of its activities and its use of multiple platforms and vendors highlighted the adaptability of this Indian hack-for-hire group over the course of its decade-long operation.
The revelations regarding the Indian hack-for-hire group shed light on a clandestine operation with global implications. The group's evolution over the years, marked by rebranding and employee transitions, underscores the dynamic nature of cyber threats. The researchers' findings, based on non-public data obtained by Reuters, emphasize the group's significant impact on world affairs and its successful execution of attacks on behalf of a diverse clientele. The researchers also draw attention to the interconnected nature of the global hacking landscape, with the Indian security firm implicated in a complex web of cyber activities. As law enforcement becomes involved, there is an increasing call for accountability to hold these attackers responsible for their actions, underscoring the ongoing challenges posed by the hack-for-hire ecosystem.
Threat Profile:

References:
The following report contains further technical details:
https://thehackernews.com/2023/11/indian-hack-for-hire-group-targeted-us.html