Researchers discovered a freshly emerged threat group called Atlas Intelligence Group (AIG) after its business model became very notable for analysts. The group is also known as Atlantis Cyber-Army and now uses a unique approach that researchers have not seen in previous attacks.
According to the researchers who first noticed the AIG group, its operators are selling various services through its primary website that anyone can access. In addition, its services include exclusive data leaks, distributed denial-of-service (DDoS) services, stolen databases, and initial access to enterprise networks through the RDP clients and Web shells.
The malicious campaign is outsourced to unaffiliated cybercriminal mercenaries who are not connected to another operation directly. If a user purchases data theft services, malicious spam campaigns, or DDoS services, AIG will endorse the customer and hire independent contractors to execute the confirmed job.
AIG’s operation is the opposite of most threat actors’ schemes since standard threat groups employ identical hacks in all their attacks. Customers of this threat group are also satisfied with its services since it is quite good at maintaining its secrecy.
Additionally, the group prioritises the anonymity of its customers and treats its operation as a business deal instead of standard technical assistance.
The researchers revealed what they know about the cybercrime model of the new threat group.
AIG’s business model strongly emphasises security for its business leader. The new threat group’s leaders are separate from the entities affiliated with the illegal hacking operation. Every AIG team has a leader, key players, and essential members. However, AIG has one leader in charge of everything and everyone.
The group has been active in the cybercriminal landscape for quite some time. Experts believe that if its business model continues to gather experience, it can capitalise on the surging number of hacker-for-hire entities.
Unfortunately, AIG’s business model and efficiency make them harder to detect and potentially threaten the cybersecurity landscape.
