The hack-for-hire business is thriving. It’s the latest innovation in a bustling market for buying access to government and corporate networks in a range of industries.
The new code, uncovered by analysts at Kaspersky, can be used to remotely take over victim devices, and it talks to the attackers over a protocol chosen to conceal the command-and-control traffic. The group responsible for the malware, known theatrically as DeathStalker, has been active for at least eight years but has only drawn public scrutiny in recent months, according to Kaspersky, and researchers have more digging to do.
The hacking tool is called PowerPepper because the malicious code is delivered hidden inside an image that appears to show ferns or peppers, a technique known as steganography: the script is carried in the picture's pixel data rather than as a recognizable code object, so the delivered file looks like an ordinary image. The hacking group used one-off social network accounts and VPN services to cover their tracks.
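To make the steganography point concrete, the following is an added illustration of how a payload can be hidden in the least-significant bit of image pixel values and recovered by a loader, together with a crude check a defender might run over the pixel data. It is generic LSB embedding written for this page, not PowerPepper's actual encoding and not Kaspersky's code; the cover "image" is a constructed byte array standing in for a smooth region of a picture, and the payload string is a harmless stand-in for a hidden script.

```python
import struct


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the least-significant bit of successive cover bytes.

    Layout: 4-byte big-endian length header, then the payload, MSB first.
    Each cover byte (one colour channel of one pixel) carries one bit.
    """
    data = struct.pack(">I", len(payload)) + payload
    if len(data) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    pos = 0
    for byte in data:
        for shift in range(7, -1, -1):
            out[pos] = (out[pos] & 0xFE) | ((byte >> shift) & 1)
            pos += 1
    return bytes(out)


def _read_lsb_bytes(stego: bytes, start: int, nbytes: int) -> bytes:
    """Reassemble nbytes from the low bits starting at cover offset start."""
    result = bytearray()
    for i in range(nbytes):
        value = 0
        for j in range(8):
            value = (value << 1) | (stego[start + i * 8 + j] & 1)
        result.append(value)
    return bytes(result)


def extract_lsb(stego: bytes) -> bytes:
    """Recover the payload, checking the length header against the image
    size so a corrupted or unrelated image raises instead of yielding junk."""
    if len(stego) < 32:
        raise ValueError("image too small to hold a length header")
    length = struct.unpack(">I", _read_lsb_bytes(stego, 0, 4))[0]
    if 32 + length * 8 > len(stego):
        raise ValueError("length header exceeds image size")
    return _read_lsb_bytes(stego, 32, length)


def flag_noisy_lsb_blocks(pixels: bytes, block: int = 64,
                          low: float = 0.25, high: float = 0.75) -> list:
    """Crude detection heuristic: in a smooth image region the low bit is
    nearly constant, so a block whose fraction of set LSBs sits near 0.5
    looks like embedded data. Returns the indices of suspicious blocks."""
    flagged = []
    for b in range(len(pixels) // block):
        chunk = pixels[b * block:(b + 1) * block]
        frac = sum(v & 1 for v in chunk) / block
        if low <= frac <= high:
            flagged.append(b)
    return flagged


# Constructed cover (assumption, not a real image file): an 8-bit gradient
# in 64-byte runs of equal values, standing in for a flat region of a photo.
COVER = bytes((i // 64) % 256 for i in range(8192))
# Constructed, harmless stand-in for a script hidden by the loader.
PAYLOAD = b"Write-Output 'demo payload hidden in pixel low bits'"

if __name__ == "__main__":
    stego = embed_lsb(COVER, PAYLOAD)
    assert extract_lsb(stego) == PAYLOAD
    print("clean blocks flagged:", flag_noisy_lsb_blocks(COVER))
    print("stego blocks flagged:", flag_noisy_lsb_blocks(stego))
```

The heuristic only works where the cover is smooth; real photographs have noisy low bits in textured areas, and practical detectors use stronger statistics (chi-square or RS analysis) or simply flag an image that a script later reads byte by byte. The length check in `extract_lsb` matters in the other direction: a loader that trusts the header blindly will read far past the pixel data on any unrelated image.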
Some of the decoy documents used during the infections point to possible targeting of industrial organizations in Mexico and Turkey, as well as organizations in the UK.
Last month, researchers reported on another hack-for-hire group, dubbed CostaRicto, that was using custom malware to try to break into organizations in Bangladesh, India and several other countries.
Whether the intrusion attempts in this case have been successful remains unclear. But the attackers improve their odds by sending spearphishing emails with themes as varied as carbon emission regulations, the coronavirus and travel, tailored to the target's interests.
The hack-for-hire market is driven by cash-flush organizations that don’t want a malicious campaign traced back to them. The hacking mercenaries’ clients are hard to identify, but the targets often suggest government involvement.