After uncovering worldwide cyber espionage campaigns, this may be the largest spy-for-hire operation ever exposed.
You've seen it in the movies. Now it's happening in real life.
An Indian firm called BellTroX is accused of high profile cyber espionage. Reports indicate the company spied on a huge number of individuals and organizations.
[BellTroX] offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years.
Cyber spying is not a new game. Though this has taken it to a new level. Unfortunately, the loss of privacy is only part of the cost. Loss of sensitive information can be devastating, like here.
“This is one of the largest spy-for-hire operations ever exposed,” - Citizen Lab researcher John Scott-Railton.
Wondering how someone engages in cyber espionage anyhow? Just like in virtually all cybercrime, it starts with Phishing emails.
Operating from a small room above a shuttered tea stall in a west-Delhi retail complex, BellTroX bombarded its targets with tens of thousands of malicious emails
The victims' organizations vary widely and span the world, but one thing is consistent: they all had an enemy.
On the list: judges in South Africa, politicians in Mexico, lawyers in France and environmental groups in the United States.
There are as many as 17 investment management firms also on the list. Notable targets included private equity giant KKR and short sellers Muddy Waters and Safkhet Capital. Short sellers bet against company stocks, often after uncovering and publicizing fraud.
Muddy Waters founder Carson Block said he was “disappointed, but not surprised, to learn that we were likely targeted for hacking by a client of BellTroX.”
Muddy Waters is no stranger to financial adversaries. After publishing scathing reports on corporate malfeasance, the company and its founder are often targets of smear campaigns. NMC Health is one recent example of this.
In targeting Safkhet Capital, BellTroX's team bombarded Fahmi Quadir with Phishing attacks.
“They were even trying to emulate my sister.” -Fahmi Quadir, founder Safkhet Capital
The attackers targeted Ms. Quadir with very real-looking and sounding messages that appears to come from coworkers and members of her family.
Unfortunately, cyber espionage is real.
The worst news is that BellTroX's clients may never be identified, leaving them free of justice.
It's time to protect your team and your assets from these attacks.