Indian hackers-for-hire are helping litigators around the world turn their lawsuits around by breaking into the opposing party's accounts and surfacing information, quickly becoming an indispensable asset to anyone looking to cut corners.
An investigation by Reuters revealed a unique database of more than 80,000 emails sent by Indian hackers to 13,000 targets around the world between 2013 and 2020. The data comes from two email providers the hackers used to send phishing emails to their targets. Since 2013, Reuters found 35 legal cases in which Indian hackers attempted to obtain documents or other incriminating evidence from one party by sending out phishing emails.
While people involved in a lawsuit were the usual targets, their lawyers were often hit as well: Reuters found evidence of Indian hackers attempting to break into the accounts of around 1,000 lawyers at 108 law firms. Overall, at least 75 US and European companies, 36 advocacy and media groups, and several Western business executives were the targets of these hacking campaigns.
India’s growing hacker market
The email database received by Reuters was independently authenticated by six sets of experts, including Scylla Intel and researchers from BAE, Mandiant, LinkedIn, Microsoft and Google.
Google’s Threat Analysis Group (TAG) has also been tracking Indian hack-for-hire operations since 2012 and has published a list of domains used by these groups. Note that several of them imitate well-known services (for example rnanage-icloud.com, id-apl.info and go-gl.io), and that the app.link entries are specific hostnames rather than the parent service:
- dtiwa.app.link
- share-team.app.link
- mipim.app.link
- processs.app.link
- aws-amazon.app.ink
- clik.sbs
- loading.sbs
- userprofile.live
- requestservice.live
- unt-log.com
- webtech-portal.com
- id-apl.info
- rnanage-icloud.com
- apl.onl
- go-gl.io
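The domain list above is useful to defenders mainly as a set of indicators to sweep mail and proxy logs against. The following is an added example, not code from Reuters or Google TAG: it normalizes hostnames, matches a host if it equals a listed domain or is a subdomain of one (without matching the legitimate parent such as app.link), and runs the check over a few constructed log and email records. The record format and the sample hostnames are assumptions made for the demonstration.

```python
import re
from urllib.parse import urlparse

# Domains attributed by Google TAG to Indian hack-for-hire groups, copied from the list above.
TAG_DOMAINS = {
    "dtiwa.app.link", "share-team.app.link", "mipim.app.link", "processs.app.link",
    "aws-amazon.app.ink", "clik.sbs", "loading.sbs", "userprofile.live",
    "requestservice.live", "unt-log.com", "webtech-portal.com", "id-apl.info",
    "rnanage-icloud.com", "apl.onl", "go-gl.io",
}

# Matches absolute http(s) URLs embedded in free text (email bodies, log lines).
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def normalize_host(host):
    """Lowercase, trim whitespace and drop a trailing dot so lookups are consistent."""
    return host.strip().lower().rstrip(".")


def matches_ioc(host, iocs=TAG_DOMAINS):
    """Return the listed domain that host equals or sits under, else None.

    Only the listed hostname and its subdomains match; the parent zone
    (e.g. app.link, a legitimate deep-link service) is deliberately not matched.
    """
    host = normalize_host(host)
    if not host:
        return None
    labels = host.split(".")
    # Walk from the full name up to the registrable domain: a.b.c -> b.c -> c
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def extract_hosts(text):
    """Pull hostnames out of every URL found in a piece of text."""
    hosts = []
    for match in URL_RE.finditer(text):
        parsed = urlparse(match.group(0))
        if parsed.hostname:
            hosts.append(parsed.hostname)
    return hosts


def scan_records(records):
    """records: iterable of (record_id, text). Returns [(record_id, host, matched_domain), ...]."""
    hits = []
    for record_id, text in records:
        for host in extract_hosts(text):
            matched = matches_ioc(host)
            if matched:
                hits.append((record_id, host, matched))
    return hits


# Constructed sample records (assumed formats; not taken from the investigation).
SAMPLE_RECORDS = [
    ("proxy-1", "2020-03-04T10:22:11Z 10.0.4.17 GET https://login.rnanage-icloud.com/verify?u=abc 200"),
    ("mail-7", "Your shared file is ready: http://share-team.app.link/doc/4421 - open before it expires"),
    ("proxy-2", "2020-03-04T10:25:40Z 10.0.4.18 GET https://www.example.com/ 200"),
]

if __name__ == "__main__":
    for record_id, host, matched in scan_records(SAMPLE_RECORDS):
        print(f"{record_id}: {host} matches listed domain {matched}")
```

The subdomain walk matters because phishing infrastructure is usually served from a host under the listed domain rather than the bare apex; matching on the apex alone would miss it, while matching on the parent zone of the app.link entries would flag legitimate traffic.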
The investigation hinges on Sumit Gupta and his company BellTroX, which has previously been reported to be involved in hack-for-hire operations. Gupta himself has been charged with hacking in a California criminal case but has never been apprehended by US authorities.
Closer analysis by teams at Mandiant, Google and LinkedIn reveals two further companies in this space besides BellTroX, namely Appin and CyberRoot; Gupta himself used to be an Appin employee. According to court records and cybersecurity researchers, the three companies have shared infrastructure and staff.
According to the Mandiant, Google and LinkedIn teams that reviewed the database, there’s evidence of a mix of hacking activity linked to the three companies between 2013 and 2020.
Appin has disappeared from the internet following a 2013 cybersecurity report that linked it to alleged hacking. As for BellTroX and CyberRoot, neither company could be found at its listed address.