The history of cyber mercenary group Void Balaur gets probed by analysts

Threat Group Void Balaur Hacker For Hire APT28 Pawn Storm Threat Hunting Hackers

Security researchers have recently released a report about hacker-for-hire threat group services that have been advertised throughout the cybercrime underground landscape since 2010. The cyber mercenary group, named Void Balaur, has been attacking victims for surveillance and financial gains. Their previous attacks involved firms within the IT and telecom sectors and journalists, activists, and religious leaders.

The threat group was also thought to be related to another group, Pawn Storm or APT28, because of their several attack overlaps. APT28 is a codename for tracking cyberattacks performed by GRU agents, Russia’s military intelligence agency. Pawn Storm is recorded to have targeted about a dozen email addresses from 2014 to 2015, while Void Balaur from 2020 to 2021.

Another angle that experts look at is that the attacks could be linked to the RocketHack[dot]me’s infrastructure, a website that advertises on-demand hacking services. The site was also linked in several advertisements from Russian-based underground forums, including Tenec, Probiv, and Darkmoney, as far back as 2017.

Experts also highlighted that the cyber mercenary group has never marketed themselves within underground forums that are not Russian language-based.

The advertisements describe the cyber mercenary group’s ability to intrude on their victims’ email addresses and social media accounts. This activity is consistent since there have been multiple phishing sites and regular info stealer malware that the experts identified to be associated with Void Balaur’s infrastructure.

The researchers have also added that back in 2019, Void Balaur started the sale advertisement of confidential information of Russian individuals, including passport details, telephone records, banking transactions, criminal records, driver licenses, and more.

Despite being clueless about how the cyber mercenary group acquired a large amount of sensitive data, they highlighted that it is beneficial for the underground landscape in Russia, where the data is exploited to perform and hide more graver crimes.

Experts have also detailed the cyber mercenary group’s attacks against journalists and activists.


They said that Void Balaur targeted journalists and human rights activists in Uzbekistan back in 2016 and 2017.


The crimes of the cyber mercenary group do not stop there, with records that link them attacking political parties that have also spiked and been diversified. Last year, there were attack incidents regarding the 2020 Belarus elections’ presidential candidates. Furthermore, the group have also attacked politicians and officials from Slovakia, Armenia, Italy, Kazakhstan, Ukraine, Russia, France, and Norway.

Private companies were not safe from Void Balaur’s attacks as well, including one from Russia, where they targeted a well-known Russian billionaire who owns one of the largest Russian conglomerates. Experts also listed down some firms that the cyber mercenary group had records of attacks, including medical insurance firms, ATMS machine vendors, and business aviation companies, to name a few.

Nevertheless, experts admit that there is still an extensive list of theories and unanswered questions regarding the cyber mercenary group, Void Balaur. One of them includes why the Russian law enforcers did not crackdown on the group’s attacks against their country.

About the author

Leave a Reply