Void Balaur was initially linked to attacks against human rights activists and journalists in Uzbekistan. More recently, it attacked Belarusian presidential candidates in 2020 and several political leaders in an unnamed Eastern European country. However, the hacking outfit also targeted executives and directors at a very large Russian company between 2020 and 2021, and has been attacking and selling data from telecoms, banks and cryptocurrency users. The group has been linked to the on-demand hacking site RocketHack.me.
It’s not clear just where Void Balaur operates from, or whether it has official government support. There’s some overlap between Void’s targets and those of the Russia-backed APT28 (aka Fancy Bear or Pawn Storm), but not enough to establish a clear link. And while the group has only ever advertised its services on Russian-language sites, it’s not necessarily operating from Russia. We’d add that Russia usually turns a blind eye to cybercriminals only so long as they don’t attack Russian interests — Void doesn’t have problems attacking Russian businesses.
The study illustrates the difficulty in pinpointing the nature of some hackers, let alone catching them. Cybermercenaries also pose a particularly severe threat as they’re often happy to attack any target without reservations. It won’t be surprising if there are more groups like Void Balaur that have simply gone undetected.