Deceptikons for Hire!

Russian cyber-security firm Kaspersky said today in a webinar that it discovered a new hacker-for-hire mercenary group that appears to have been active for almost a decade.

The group, which Kaspersky codenamed Deceptikons, has primarily targeted law firms and fintech companies, according to a Kaspersky malware analyst.

Most of the group’s targets are located in Europe, and occasionally in some Middle Eastern countries such as Israel, Jordan, and Egypt.

The Deceptikons group’s most recent attacks included a 2019 spear-phishing campaign against a set of European law firms, where the group deployed malicious PowerShell scripts to infect hosts.

Deceptikons doesn’t use zero-days

“The group is not technically sophisticated and has not, to our knowledge, deployed zero-day exploits,” Kaspersky said in a post.

Kaspersky described the group’s infrastructure and malware as “clever, rather than technically advanced” and with a focus on gaining persistence on infected hosts.

Most attacks seem to follow a similar pattern, starting with a spear-phishing email that carries a malicious, modified LNK (shortcut) file.

If the victims download and interact with the file (such as clicking it), the shortcut downloads and runs a PowerShell-based backdoor trojan.
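For defenders triaging shortcut attachments like the ones described above, the following added example (not from Kaspersky's report or the original article) parses the StringData section of a Shell Link file and reports which fields reference PowerShell. The function names and the sample shortcuts are constructed for illustration; the parser assumes code page 1252 for non-Unicode strings and does not decode the target stored in the ID list or LinkInfo blocks.

```python
import struct

# MS-SHLLINK constants: header size 0x4C, link CLSID, and LinkFlags bits.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk_strings(data):
    """Return the StringData fields present in a .lnk file as a dict."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 76
    try:
        if flags & HAS_IDLIST:      # 2-byte size, then the ID list itself
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:    # 4-byte size that includes itself
            pos += struct.unpack_from("<I", data, pos)[0]
        # Assumption: non-Unicode strings are decoded as cp1252.
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        fields = {}
        for bit, field in STRING_FIELDS:   # stored in this fixed order
            if flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]
                end = pos + 2 + count * width
                if end > len(data):
                    raise ValueError("truncated StringData")
                fields[field] = data[pos + 2:end].decode(codec, "replace")
                pos = end
    except struct.error:
        raise ValueError("truncated Shell Link file")
    return fields

def powershell_fields(data):
    """Names of the fields that reference PowerShell (case-insensitive)."""
    fields = parse_lnk_strings(data)
    return [name for name in ("relative_path", "working_dir", "arguments")
            if any(k in fields.get(name, "").lower() for k in ("powershell", "pwsh"))]

def build_sample_lnk(relative_path, arguments, with_idlist=False):
    """Constructed test input: a header, optional empty ID list, two strings."""
    flags = 0x08 | 0x20 | IS_UNICODE | (HAS_IDLIST if with_idlist else 0)
    out = struct.pack("<I16sI", 0x4C, LNK_CLSID, flags) + bytes(52)
    if with_idlist:
        out += struct.pack("<HH", 2, 0)    # IDListSize=2, then TerminalID
    for text in (relative_path, arguments):
        out += struct.pack("<H", len(text)) + text.encode("utf-16-le")
    return out
```

A non-empty result from `powershell_fields` is a reason to quarantine the attachment and inspect its arguments; an empty result only means the string fields are clean, since the target can also live in the blocks this parser skips.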

Diaz said Kaspersky would be publishing a more complete technical report on Deceptikons activities in the coming weeks.

Second hacker-for-hire group exposed this year

This is the second major hacker-for-hire mercenary group that came to light this year, after BellTroX InfoTech was exposed as the group behind the Dark Basin APT.

Kaspersky did not link Deceptikons to any real-world entity, for now.
