A scan of an underground hacker-for-hire operation has uncovered 3,500 targets, including presidential candidates, human rights activists and a crypto exchange.
The reports indicate that Belarusian presidential candidates and activists from Uzbekistan are some of the victims whose Gmail, Protonmail and Telegram accounts were targeted by cybercriminals.
According to a Forbes report, threat actors from the Russian-speaking threat group RocketHack spent the last four years gaining unauthorized access to the email and Telegram accounts, personal computers and Android phones of 3,500 individuals.
In addition to the presidential candidates and activists, IVF doctors from more than a dozen health centers formed part of the list of targeted victims. The revelations add to the wealth of evidence that cybercriminal groups will gladly infiltrate people’s digital lives if paid to do so.
Although the group has been identified as a Russian-speaking hacker family like the recently hacked REvil ransomware group, there’s no clear evidence that the cybercriminal enterprise originated in Russia.
Nonetheless, historical cyber reports indicate that RocketHack first showed up as a crew offering services on encrypted messaging tools back in 2017.
Their business model evolved over time to specialize in account takeovers, often targeting the most private and personal data belonging to organizations and high-profile individuals. The stolen data is then sold to any willing bidder who may have a stake in the targeted victims.
Cybersecurity observers note that RocketHack’s main method of operation is phishing, using emails that carry links to fake login pages for Gmail, Protonmail and Telegram.
Even with the latest news, the group’s client list remains a mystery. In addition to the recent targets, past reports point to government officials in Ukraine, Slovakia, Russia, Kazakhstan, Armenia, Norway, France and Italy as some of the victims that have been affected by the hacker group’s activities.
The Thriving World of Cyber Mercenaries
An analysis by Trend Micro points to the growth in the cyber mercenary ecosystem in the past few years, with studies showing that the ecosystem is being strengthened by global governments’ alleged interest in leveraging the services as part of their national cybersecurity process.
The fact that the services and tools developed by cyber mercenaries can be used in offensive attacks against terrorist groups and organized criminal organizations increases the popularity of such threat groups.
An additional reason for the rise in cyber mercenaries is that their tools can be sold to other nations as both an economic and political currency. Although some countries stand to gain from such services, it goes without saying that the line between burgeoning cybercrime and national security gain is very thin.