The Threat Analysis Group of Google LLC has revealed that it has effectively blocked more than 30 malicious domains associated with hack-for-hire gangs originating in Russia, India, and the United Arab Emirates. These gangs targeted websites in order to steal sensitive information.
Hack-for-hire companies have been actively targeting email accounts provided by Gmail and Amazon Web Services Inc., amongst other services, in order to carry out corporate espionage attacks against businesses, human rights activists, and journalists. The groups are believed to exploit known vulnerabilities opportunistically rather than relying on novel techniques.
Hack-for-hire organizations carry out the attacks themselves. This is in contrast to commercial surveillance providers, which in most cases sell the capability to hack accounts to an end user who then does the hacking. Some hack-for-hire groups openly advertise their goods and services to anyone willing to pay, while others operate more covertly and sell to a more select clientele.
As an example, the researchers described seeing Indian hack-for-hire organizations work with third-party private investigative agencies to deliver material that had been exfiltrated during an operation. The range of targets in hack-for-hire campaigns is generally thought to stand in stark contrast to government-funded operations, which tend to have a more clearly defined objective and set of marks; this is attributed to hack-for-hire campaigns being funded by private customers rather than by governments.
As a direct consequence of the research, the “Safe Browsing” component of Google’s search engine has been updated to include all of the websites identified as being used by hack-for-hire gangs, so that users are protected from these sites going forward. In addition, the researchers suggest that users enable Advanced Protection and Google Account Level Enhanced Safe Browsing, and ensure that all of their devices are running the most recent updates.
Google’s Cybercrime Investigation Group shared the relevant facts and indicators with law enforcement.
“We appreciate Google’s Threat Analysis Group for taking action on these fraudulent domains utilized by hacker-for-hire gangs,” said Sean McNee, chief technology officer at cyber threat intelligence company DomainTools LLC, in an interview with SiliconANGLE. “Hacker-for-hire gangs were using these fraudulent domains.” According to McNee, these domains are part of a larger concerted effort, coordinated across multiple domains, by advanced persistent threats (APTs) or other well-funded adversaries to achieve their goals through outsourced harmful activity.
McNee explained that because it is becoming simpler to conceal domain registration and the creation of infrastructure, network defenders need to move more quickly and be more nimble in monitoring changes to the internet infrastructure behind resources that connect to their networks or send them emails or other messages. In particular, those defending the network need to monitor any domains that have recently been registered or have recently become active.
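The monitoring McNee describes (checking the domains behind inbound mail against a blocklist and against how recently they were registered) can be put into a small triage routine. The following is an added illustration written for this article; it is not code from Google, DomainTools or SiliconANGLE. The blocklist entries, registration dates and mail log lines are all constructed placeholders on the reserved `.test` TLD, and in practice the registration dates would come from a WHOIS/RDAP lookup rather than a hard-coded table.

```python
"""Triage sender domains from an inbound mail log: blocklist first, then
registration age. All data below is constructed for this illustration."""
import re
from datetime import date

# Constructed blocklist (placeholder name; NOT one of the domains Google identified).
BLOCKED_DOMAINS = {"secure-account-review.test"}

# Constructed registration dates standing in for WHOIS/RDAP lookup results.
REGISTRATION_DATES = {
    "partner-corp.test": date(2015, 3, 2),
    "docs-share-portal.test": date(2022, 6, 20),
    "secure-account-review.test": date(2022, 6, 25),
}

# Constructed mail log lines in the form "<date> from=<addr> subject=<text>".
SAMPLE_MAIL_LOG = [
    "2022-06-30 from=alice@partner-corp.test subject=Q3 budget",
    "2022-06-30 from=noreply@mail.docs-share-portal.test subject=Document shared",
    "2022-06-30 from=support@secure-account-review.test subject=Verify your account",
    "2022-06-30 from=bob@unknown-vendor.test subject=Invoice",
]
SAMPLE_TODAY = date(2022, 6, 30)  # "now" for the constructed data

LOG_RE = re.compile(r"^(?P<date>\S+) from=(?P<addr>\S+) subject=(?P<subject>.*)$")


def registrable_domain(hostname: str) -> str:
    """Collapse a hostname to its last two labels so subdomains share a verdict.
    A production version should consult the public-suffix list; two labels are
    enough for the constructed data here."""
    labels = hostname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def sender_domain(addr: str) -> str:
    """Extract the registrable domain from an email address."""
    return registrable_domain(addr.rsplit("@", 1)[-1])


def triage_domain(domain: str, today: date, max_age_days: int = 30):
    """Return (verdict, reason). Verdicts: block, review, unknown, ok."""
    if domain in BLOCKED_DOMAINS:
        return "block", "domain on blocklist"
    registered = REGISTRATION_DATES.get(domain)
    if registered is None:
        # No registration data yet: neither trusted nor blocked, queue for lookup.
        return "unknown", "no registration data; queue for lookup"
    age = (today - registered).days
    if age <= max_age_days:
        return "review", f"registered {age} days ago"
    return "ok", f"registered {age} days ago"


def scan_mail_log(lines, today: date, max_age_days: int = 30):
    """Parse log lines and return findings for every sender domain not judged ok."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; a real pipeline would count and alert on these
        domain = sender_domain(m["addr"])
        verdict, reason = triage_domain(domain, today, max_age_days)
        if verdict != "ok":
            findings.append({"domain": domain, "verdict": verdict,
                             "reason": reason, "subject": m["subject"]})
    return findings


if __name__ == "__main__":
    for f in scan_mail_log(SAMPLE_MAIL_LOG, SAMPLE_TODAY):
        print(f"{f['verdict']:8} {f['domain']:28} {f['reason']} ({f['subject']})")
```

Run against the constructed log, the routine lets the long-registered partner domain through, flags the ten-day-old sharing portal for review, blocks the listed domain, and marks the vendor with no registration data as unknown rather than silently trusting it. The `max_age_days` threshold is the knob that decides how aggressively freshly registered infrastructure is surfaced for analyst review.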
“It is important to remember that the disparity between attackers and defenders is dynamic and constantly shifting. Now, the defenders have to think about more sophisticated and organized attack plans from mercenaries who have been engaged to accomplish a financial, economic, or even political goal,” McNee added. “It is instructive to note that there is an ever-changing disparity between those who attack and those who defend.”