Dark Basin: After targeting thousands of individuals and organizations worldwide, the identity and operations of a hack-for-hire group known as Dark Basin has been disclosed by researchers at Citizen Lab. The group conducted commercial espionage against customers or opponents of their clients who hired them. According to Reuters, who broke the news, the group was an Indian-based InfoSec services company called BellTroX according to researchers and former employees of the company. The group would attack their targets by sending highly targeted phishing emails through Gmail accounts or self-hosted email accounts. Through the use of URL shorteners used to mask phishing websites, the websites appeared as legitimate online services such as Gmail, Yahoo Mail, Facebook, and other companies. In total, over 27,591 unique phishing pages were discovered by researchers by tracking the targets of shortened URLs. Several clues led researchers to discover the link between Dark Basin and BellTroX such as working hours and consistent names within the shortened URLs being in line with Indian working times and names. Furthermore, overlaps from employees to Dark Basin were discovered through the use of personal documents being used as bait content when testing the URL shorteners. Social media posts from employees at BellTroX also lead researchers to the conclusion because posts included screenshots of Dark Basin infrastructure. The company denied the allegations that they were behind these attacks credited to Dark Basin, but former employees interviewed by Reuters confirmed the claims.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in