Trend Micro was the first to reveal a more comprehensive picture of this cyber mercenary group, which it suspects has been active since 2015.
Following a year-long investigation, Trend Micro researchers discovered an even broader group of targets, including Russian medical insurance organizations and in-vitro fertilization clinics, ATM vendors and mobile telecom companies.
While the group includes a Russian-speaking threat actor known as “Rockethack,” Hacquebord said it’s unlikely Void Balaur is a nation-state threat group.
Trend Micro has not determined how the group managed to “gather such an extensive array of information, especially with regards to telecom data.” With that data, Void Balaur could sell phone call records with cell tower locations that could reveal who a person has been calling, the duration of the calls, and approximate location of where they were placed.
The research paper cited hacking into mailboxes at email providers and into social media accounts as one of the group's methods.
Hacquebord said another hallmark of Void Balaur is the length of time it keeps targeting a victim, which can be very long.
Initially, the researchers were tipped off by a long-term target of Pawn Storm, another name for the Russian cyberespionage group Fancy Bear.
“But we weren’t able to go beyond that to get really deep information,” Hacquebord told SearchSecurity.
Trend Micro urged organizations to implement mitigations against Void Balaur.