A large-scale hacker-for-hire operation has been caught spying on thousands of individuals. According to ACS's latest report, an obscure Indian technology company has been exposed and traced as having targeted thousands of organizations and individuals, including politicians and human rights groups.
The report confirmed that it took more than two years of mapping the infrastructure used by the hackers before researchers at Citizen Lab exposed the hacker-for-hire scheme they dubbed "Dark Basin."
Hundreds of organizations and thousands of individuals across six continents including high-profile private equity firms in the United States, Greenpeace, and politicians in Mexico were targeted by the group.
The security researchers claimed that Dark Basin is connected to an obscure IT firm based in New Delhi called BellTrox InfoTech Services.
"Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients, against opponents involved in high-profile public events, criminal cases, financial transactions, news stories, and advocacy," said the Citizen Lab researchers.
Spy-For-Hire scheme exposed: Hackers target thousands of politicians and human rights organizations
According to ACS, tens of thousands of malicious messages designed to dupe victims into handing over their login details were sent to the targeted organizations and individuals between 2013 and 2020. The hackers often disguised the messages as Facebook login requests, as messages from other organizations, or as graphic notifications asking the user to unsubscribe from a pornography website.
Although the researchers said that the clients of the Dark Basin hacker-for-hire group could not be identified, the way the hackers approached their targets showed that they had a deep knowledge and understanding of informal organizational hierarchies.
"Some of this knowledge would likely have been hard to obtain from an open-source investigation alone," said Citizen Lab.
"Combined with the bait content . . . we concluded that Dark Basin operators were likely provided with detailed instructions not only about whom to target, but what kinds of messages specific targets might be responsive to," the researchers further explained.
The U.S. digital rights organizations Fight for the Future and Free Press, which were among the targets of BellTrox, said that although their wider networks were unaffected by the attack, the accounts of a small number of their employees were compromised. The report found that the organizations targeted by the IT firm were mostly linked to only one side of a contested legal proceeding, business deal, or advocacy issue.
"I didn't help them access anything, I just helped them with downloading the emails and they provided me with all the details," said the owner of BellTrox, Sumit Gupta.
"I am not aware how they got these details but I was just helping them with the technical support," Gupta further explained. BellTrox's owner declined to reveal the company's clients or to acknowledge any wrongdoing in the matter.