New Hacker-for-Hire Threat Actor Unearthed by Security Researchers

A new hacker-for-hire mercenary group, dubbed the Deceptikons group, has been identified that appears to have been active for almost a decade. 

The targets

According to Kaspersky researchers, the primary targets of the group are law firms and fintech companies.
  • The group has been stealing business and financial secrets from organizations located across Europe, as well as Middle Eastern countries such as Israel, Jordan, and Egypt.
  • The researchers disclosed that the group had been leveraging a spear-phishing campaign to actively target several European law firms in 2019.

Attacking strategies

The group has been described as a clever threat actor that relies on social engineering techniques rather than sophisticated malware.
  • It has been using zero-day exploits and a set of persistence methods to make its way inside the targeted networks.
  • Several of its attacks used spear-phishing emails that delivered a malicious LNK file to the targeted system, which in turn ran a PowerShell-based backdoor trojan.
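As an added illustration of how a defender might surface the LNK-to-PowerShell chain described above (example code written for this page, not Kaspersky's or the article's), the Python below triages process-creation records: a shortcut double-clicked in Explorer produces a powershell.exe whose parent is explorer.exe, and that parent combined with evasive command-line switches is a useful hunting signal. The event shape, file paths, and switch list are assumptions, and the records are constructed sample data rather than indicators from the report.

```python
import re

# Constructed process-creation records shaped like Sysmon Event ID 1 (sample data, not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "powershell.exe -WindowStyle Hidden -NoProfile -ExecutionPolicy Bypass "
                    "-EncodedCommand UwB0AGEAcgB0AC0AUwBsAGUAZQBwAA=="},  # constructed payload
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'powershell.exe -nop -w hidden -c "& C:\Users\Public\stage.ps1"'},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"powershell.exe -File C:\Scripts\nightly-backup.ps1"},  # benign scheduled job
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe notes.txt"},
]

# Command-line switches commonly seen on PowerShell launched from a malicious shortcut (assumed list).
EVASIVE_SWITCHES = [
    (re.compile(r"-(?:e|enc|encodedcommand)\b", re.I), "encoded command"),
    (re.compile(r"-(?:w|windowstyle)\s+hidden\b", re.I), "hidden window"),
    (re.compile(r"-(?:nop|noprofile)\b", re.I), "profile skipped"),
    (re.compile(r"-(?:ep|executionpolicy)\s+bypass\b", re.I), "execution policy bypass"),
]


def triage(event):
    """Return the reasons this event resembles LNK -> PowerShell staging, or [] if it does not.

    Requires both an explorer.exe parent (the user opened a file such as an LNK) and at
    least one evasive switch, so routine PowerShell started from cmd.exe or a scheduler is ignored.
    """
    if not event["Image"].lower().endswith(("powershell.exe", "pwsh.exe")):
        return []
    if not event["ParentImage"].lower().endswith("explorer.exe"):
        return []
    reasons = [label for pattern, label in EVASIVE_SWITCHES if pattern.search(event["CommandLine"])]
    return ["spawned by explorer.exe"] + reasons if reasons else []


def scan(events):
    """Return (index, reasons) for each flagged event so an analyst can pivot to the originating email/LNK."""
    return [(i, triage(e)) for i, e in enumerate(events) if triage(e)]


if __name__ == "__main__":
    for idx, reasons in scan(SAMPLE_EVENTS):
        print(f"event {idx}: {', '.join(reasons)}")
```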

Commercialization of Advanced Persistent Threats

The Deceptikons group is not the only hacker-for-hire mercenary group seen around; it shares some similarities with, and differs in some respects from, another such group, ‘Dark Basin’.
  • Recently, the Dark Basin group was also found working on a hacker-for-hire basis, targeting journalists, elected politicians, senior government officials, and multiple industries across six continents.
  • While the Deceptikons primarily targeted law firms and fintech companies in Europe and some Middle Eastern countries such as Israel, Jordan, and Egypt, Dark Basin was also seen targeting lawyers involved in corporate litigation and financial-services-related work across countries including the US, UK, Israel, France, Belgium, Norway, Switzerland, Iceland, Kenya, and Nigeria.
  • The Deceptikons used spear-phishing emails and malicious LNK files, whereas the Dark Basin group used phishing emails with a custom URL shortener service to redirect victims to malicious phishing pages.

The bottom line

The commercialization of malicious hacking services is a concerning trend for organizations globally, as it has made it easy for entities with hostile intentions to exploit their targets and cause operational, financial, and reputational harm.