Hack-for-Hire Group DarkCrewFriends Resurfaces

Hackers often manage hire-a-hacker platforms online to offer a variety of paid criminal services ranging from bots to traffic services for websites. A hackers-for-hire group ‘DarkCrewFriends’, offering similar services, has resurfaced in the month of June.

The campaign attack chain

Check Point researchers discovered an ongoing, evolving campaign from the DarkCrewFriends hacker group that had earlier caused a data breach in an Italian news site in 2013.
  • In an ongoing campaign, the DarkCrewFriends group was seen exploiting an unrestricted file upload vulnerability to compromise PHP servers, establish a backdoor, and set up a communication with a C&C server using an IRC channel.
  • The crew focus on creating a botnet infrastructure that can be leveraged for several purposes. An Italian user named 'SOULDRK' publicizes his group’s exploit services on a hacking forum. 
  • The attackers sought a new domain (pkalexeivic[.]com) to host their malware associated with the aforementioned campaign.

The bot shop services

DarkCrewFriends has been observed advertising its services on hacking forums.
  • DarkCrewFriends group offers traffic services and bot shop services as well as a range of services including installing, managing, and updating their exploits to its clients.
  • Another Italian user named 'SOULDRK' was also found publicizing the group’s exploit services on a hacking forum.

Another Hack-For-Hire operation

Citizen Lab had uncovered yet another hack-for-hire organization named ‘Dark Basin’ last month.
  • The Dark Basin group targeted thousands of individuals and organizations in multiple countries, including senior politicians, government prosecutors, CEOs, journalists, advocacy organizations, and net neutrality campaigners.
  • The multi-year investigation revealed that the Dark Basin is likely connected to BellTroX InfoTech Services (“BellTroX”), an India-based technology company.

Hack-for-hire threats

In May, Google highlighted Indian 'hack-for-hire' companies in a new TAG report. This illustrates that hack-for-hire is a serious problem for all sectors of society, from politics, advocacy, energy, financial, hedge funds, short sellers, journalists, and government to global commerce.