As reported in Forbes, Trend Micro security researcher Feike Hacquebord has detailed the activities of hack-for-hire group RocketHack. The group is primarily Russian-speaking and engages in for-hire theft of account information and private data for high profile individuals and organizations. Hacquebord gained access to an administrative web page used by the criminal group and was able to confirm that RocketHack has infiltrated the email, Telegram, personal computers, and Android phones of as many as 3,500 individuals. The targets include executives, human rights activists, journalists, politicians, network engineers, banks, cell-phone towers, in-vitro fertilization (IVF) doctors, and clinics.
RocketHack sells information to the highest bidder. These clients can include government agencies, corporate espionage groups, and even private individuals, such as stalkers.
Trend Micro hypothesizes that RocketHack proactively targets telecommunications engineers and IVF clinics in order to lay a foundation of reconnaissance for later criminal activities.
The primary tactics for exploitation are phishing via email containing links to fake credential gathering pages for services such as Google Gmail, Protonmail, and Telegram. There is evidence that various Russian email providers are also compromised in a manner that allows deeper access without such phishing methods. The group also installs malware on Android and Windows devices for spying purposes.
Analyst Notes
Individuals and organizations are advised to actively secure their devices with a complete array of security solutions and follow cyber security awareness best practices. Users can mitigate attacks by configuring multi-factor authentication (MFA) and only approving authorized logins to email accounts.
https://www.forbes.com/sites/thomasbrewster/2021/11/10/rocket-hack-hacker-for-hire-targets-belrus-opposition-gmail-protonmail-and-telegram/
