A team of cybersecurity researchers today outed a little-known Indian IT firm that has secretly been operating as a global hackers-for-hire service or hacking-as-a-service platform.
Based in Delhi, BellTroX InfoTech allegedly targeted thousands of high-profile individuals and hundreds of organisations across six continents in the last seven years.
Hack-for-hire services do not operate as a state-sponsored group but likely as a hack-for-hire company that conducts commercial cyberespionage against given targets on behalf of private investigators and their clients.
According to the latest report published by the University of Toronto’s Citizen Lab, BellTroX—dubbed ‘Dark Basin‘ as a hacking group—targeted advocacy groups, senior politicians, government officials, CEOs, journalists, and human rights defenders.
“Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy,” the report reads.
Citizen Lab started its investigation into the ‘Dark Basin’ group in 2017 after it was contacted by a journalist targeted with phishing pages that were served via the self-hosted open-source Phurl URL shortener.
images from Hacker News