Cybercriminals have different motivations: for example, some malicious actors have disruptive political attacks as their objective, while others might be more inclined towards cyberespionage and gathering information on their victims. Of course, financial gain remains a powerful cybercrime motivation - perhaps even the most common one. Some malicious actors, such as ransomware operators, earn directly from their cyberattacks. Others, however, prefer to act as “cybermercenaries,” selling their services to anyone willing to pay.
One of the most prolific cybermercenaries is Void Balaur, a Russian-speaking threat actor group that has launched attacks against different sectors and industries all over the world. Although Void Balaur offers a wide range of services, the group’s bread and butter is cyberespionage and information theft, selling highly sensitive information on individuals in underground forums and websites such as Probiv. The group primarily targets email accounts and mailboxes. While it offers standard mailbox copies that were likely stolen with the help of credential phishing, Void Balaur also offers copies of mailboxes that have not been interacted with - for a higher price. This option is particularly interesting since it would be extremely difficult under normal circumstances to gather the contents of a mailbox without any user interaction, which points to possibilities such as insider assistance or even the compromise of the email provider’s systems. In addition, Void Balaur also offers its customers access to a large amount of private data, which includes information such as flight and travel data (passports and ticket purchases), criminal records, financial records and credit histories, pension funds, and even printouts of SMS messages. It’s easy to see why the services of a cybermercenary like Void Balaur are in demand - these types of information can be very useful for a group or an individual who wants to launch an attack on specific targets.
What makes Void Balaur’s attacks particularly noteworthy is the often-lofty status of its targets. While the threat actor has been known to offer its services to a more general audience - as seen in its online advertisements in the underground - research from groups such as eQualit.ie and Amnesty International shows that Void Balaur is likely also involved in attacks against higher profile victims, ranging from human rights activists and journalists to politicians and even presidential candidates. One of the group’s more notable campaigns involved attacks that targeted the private email addresses of government officials and politicians in an Eastern European country in September 2021. Living up to its cybermercenary label, Void Balaur does not limit itself to the geopolitical scene. Organizations that have access to a large amount of private information are also frequent victims of the group. These targets belong to different industries such as the telecommunications, retail, financial, medical, and even the biotech sectors. Organizational leaders and employees who are heavily involved with the company’s core business are among the threat actor’s favored targets, since these individuals will likely have access to the kind of information the group seeks.
Given what we’ve seen of cybermercenaries like Void Balaur, it is likely that these groups have access to a large number of tools and infrastructure that allow them to launch attacks even against prominent individuals and organizations. However, this does not mean that practicing and implementing the right security safeguards will not help in defending against cybermercenary attacks.
Encrypt the drives of all computers and other machines that are used to store sensitive information. Practice good security hygiene by deleting old emails and messages to minimize the chances of an attacker gaining access to private information.