High Profile Hacker Groups to be Aware of Right Now

Blog / High Profile Hacker Groups to be Aware of Right Now

High Profile Hacker Groups to be Aware of Right Now

The very first hackers came out of MIT back in the late sixties, but at the time their goal was to improve the software and hardware they had to work with. Since then hacking has evolved and become more malicious. Major companies have become targets, millions of dollars have been stolen and even confidential government documents have been leaked. Hackers are now a major part of modern society. Here are some of the most high profile hacking groups out there today, let's take a look at some of what they’ve done. 

Fancy Bear 

Fancy Bear is a Russian based cyber espionage group that security researchers believe to have been operating since 2008 and represent a constant threat to a wide variety of organisations around the globe. They typically employ both phishing messages and credential theft using spoofed websites. Their primary targets include government, defence, media and Russian dissidents. 

Earlier in the month Google’s Threat Analysis Group (TAG) sent out warnings to roughly 14,000 Gmail users that they may have been targeted by a phishing campaign from Fancy Bear. These warnings indicated targeting, not necessarily compromise. However despite the fact that Google probably blocked the attempts this serves as a reminder to people to take prudent steps to protect yourself because you may well be a potential target for the next attack. 

REvil 

REvil is a private ransomware as a service operation, thought to operate in Russia due to the fact the group does not target Russian organisations or those in former Soviet-bloc countries.  

Cyber criminals can lease REvil ransomware and add their own tools and resources for targeting and implementation. As a result, the impact of an attack involving REvil ransomware is highly variable and can cause difficulties for defenders as it is hard to know what to expect and look out for.   

After an attack the group usually threatens to publish stolen data on their website ‘Happy Blog’ unless the victim pays the demanded ransom. REvil recruits affiliates to distribute the ransomware for them and as a part of the arrangement the affiliates and ransomware developers split the profits accumulated from ransom payments. 

On the 2nd July 2021 REvil launched a massive attack that encrypted 60 managed service providers and more than 1,500 businesses using a zero-day vulnerability in Kaseya’s Virtual System Administrator (VSA) platform.  

Days after the attack the group disappeared without any indication as to how or why and their servers and payment sites were down, while its spokesperson, who goes by ‘Unknown’ was unresponsive. 

Elements of the group's infrastructure have started to come back online and their website ‘Happy Blog’ has returned, as well as the portal REvil operators use to negotiate with victims. 

If the victims of attacks involving REvil are anything to go by, smaller organisations are likely to be at risk as well as larger well known companies. This is because cyber criminals are likely to look for an easy target and all sorts of hackers can use REvils ransomware for different reasons, so you never know whether you could be the target of an attack. This serves as another reminder that nobody can fly under the radar and we are all vulnerable to cyber crime. You need to take measures to protect yourself and have plans in place should you suffer a breach. 

ShinyHunters 

ShinyHunters is a criminal black-hat hacker group, believed to have been involved in numerous data breaches with information often being sold on the dark web. 

ShinyHunters breached Tokopedia in May 2020 revealing 15 million user records which included names, emails, locations, addresses and passwords. Also in January 2021 the group was reported to have leaked the full Bonobos backup cloud database to a hacker forum. The database contained the address, phone numbers, and order details for 7 million customers as well as 3.5 million partial credit card records.  

Judging by the nature of the hacks carried out by this group it is fair to say that their intent is purely personal gain. It is also wise to assume that given their targets, they do not discriminate about potential victims.

What Can Securiwiser Do for Businesses? 

Securiwiser will monitor your devices, website and network twenty-four-seven to ensure that the security posture of your business remains uncompromised. Each aspect of your security will be graded so you know exactly where security needs tightening. If a breach of any kind is detected, you will be notified immediately and a report detailing the findings will be sent to you. You will receive the relevant information to remedy the situation yourself or told where to find the appropriate help to fix the issue.

How secure is

your business?

Security test

How secure is

your business?

Security test