"Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years"

Researchers have recently discovered a hack-for-hire group called Dark Basin.  Dark Basin targeted thousands of individuals and organizations worldwide, including advocacy groups, journalists, elected and senior government officials, and hedge funds over seven years.  According to researchers at Citizen Lab, this group also conducted commercial espionage on behalf of their clients, against customers’ opponents involved in high-profile public events, criminal cases, financial transactions, news stories, and advocacy. The group sent highly targeted phishing emails to its targets and targeted more than 10,000 victims.  They used Gmail accounts and self-hosted accounts to send phishing emails. The group uses URL shorteners for masking phishing sites. Researchers over 16 months,  observed 28 unique URL shortener services operated by Dark Basin.  The malicious links led to phishing sites designed to look identical to popular online web services such as Google Mail, Yahoo Mail, Facebook, and others. These landing pages then stole the credentials of victims.

Threatpost reports: "Dark Basin Hack-For-Hire Group Targeted Thousands Over 7 Years"