In addition, Void Balaur also offers its customers access to a large amount of private data, which includes information such as flight and travel data (passports and ticket purchases); criminal records; financial records and credit histories; pension funds; and even printouts of SMS messages. It's easy to see why the services of a cybermercenary like Void Balaur are in demand - these types of information can be very useful for a group or an individual who wants to launch an attack on specific targets.

Void Balaur's high-profile targets

What makes Void Balaur's attacks particularly noteworthy is the often-lofty status of its targets. While the threat actor has been known to offer its services to a more general audience - as seen in its online advertisements in the underground - research from groups such as eQualit.ie and Amnesty International shows that Void Balaur is likely also involved in attacks against higher-profile victims, ranging from human rights activists and journalists to politicians and even presidential candidates. One of the group's more notable campaigns involved attacks that targeted the private email addresses of government officials and politicians in an Eastern European country in September 2021.

Living up to its cybermercenary label, Void Balaur does not limit itself to the geopolitical scene. Organizations that have access to a large amount of private information are also frequent victims of the group. These targets belong to different industries, such as the telecommunications, retail, financial, medical, and even biotech sectors. Organizational leaders and employees who are heavily involved with the company's core business are among the threat actor's favored targets, since these individuals will likely have access to the kind of information the group seeks.

Curtailing cybermercenary attacks

Given what we've seen of cybermercenaries like Void Balaur, it is likely that these groups have access to a large number of tools and infrastructure that allow them to launch attacks even against prominent individuals and organizations. However, this does not mean that practicing and implementing the right security safeguards will not help in defending against cybermercenary attacks. The following security best practices can help both individuals and organizations thwart cybermercenary attacks (and cyberattacks in general):

  • Employ the services of a reputable provider that places high priority on security.
  • Consider using dedicated two-factor authentication apps or devices such as YubiKey instead of relying on SMS.
  • Use encryption systems for communication, especially when it involves sensitive information.
  • Encrypt the drives of all computers and other machines that are used to store sensitive information.
  • Practice good security hygiene by deleting old emails and messages to minimize the chances of an attacker gaining access to private information.

Learn more about the activities and targets of Void Balaur in our research paper, "Void Balaur: Tracking a Cybermercenary's Activities".


Disclaimer

Trend Micro Inc. published this content on 10 November 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 10 November 2021 14:48:09 UTC.