pricing for hiring candidates via hacker rank(Professional Hire)

Introduction：

1、Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities

2、A new group of cyber mercenaries targets businesses, journalists — including some in Russia

Void Balaur Hackers-for-Hire Targeting Russian Businesses and Politics Entities ♂

　　A hack-for-hire group that was first exposed in 2019 has expanded its focus to set its sights on entities with business or political ties to Russia.

　　Dubbed Void Balaur, the cyber mercenary collective has a history of launching cyberattacks against biotechnology and telecom companies since 2015. As many as 3,500 victims have been reported as of November 2021.

　　"Void Balaur [...] primarily dabbles in cyber espionage and data theft, selling the stolen information to anyone willing to pay," Trend Micro noted at the time.

　　Attacks conducted by the group are typically both generic and opportunistic and are aimed at gaining unauthorized access to widely-used email services, social media, messaging, and corporate accounts.

　　Earlier this June, Google's Threat Analysis Group (TAG) took the wraps off a set of credential theft attacks targeting journalists, European politicians, and non-profit's mounted by the threat actor.

　　"Void Balaur also goes after targets valuable for prepositioning or facilitating future attacks, SentinelOne researcher Tom Hegel said, adding the targets span Russia, the U.S., the U.K., Taiwan, Brazil, Kazakhstan, Ukraine, Moldova, Georgia, Spain, Central African Republic, and Sudan.

　　The hack-for-hire service offering linked to the group is said to be advertised under different personas, such as Hacknet and RocketHack. Over the years, the operators have provided other services, including remote access to devices, SMS records, and real-time location tracking.

　　What's more, the attack infrastructure operated by Void Balaur encompasses more than 5,000 unique domains that claim to be email websites, authentication services, and public services portals.

　　But in what appears to be an operational oversight, one of the domains controlled by the group (accounts-my-mail-gmail[.]com) resolved to an IP address that's owned and operated by the Russian Federal Guard Service (FSO) in early 2022, suggesting a potential connection.

　　Although Void Balaur's attacks are aimed at individuals and organizations across the world, campaigns mounted in 2022 have singled out people that are involved in business and political situations that are of interest to Russia.

　　Also prevalent is the use of highly reproducible phishing emails that mimic local government services or banks to trick targets into providing their account credentials upon clicking a malicious link.

A new group of cyber mercenaries targets businesses, journalists — including some in Russia ♂

　　Trend Micro said on Wednesday it has discovered a new Russian-language cyber mercenary group that has been going after targets ranging from Russian businesses to journalists and politicians.

　　Researchers discovered the group after a long-time target of Pawn Storm, a hacking group connected to Russian intelligence, also known as Fancy Bear and APT28, said in March of 2020 that hackers targeted his wife with phishing emails. Trend Micro found that the indicators didn’t match Pawn Storm, and attributed the attacks to another Russian-language group it named Void Balaur.

　　Unlike APT28, Void Balaur appears to be an independent group willing to hack into the emails of targets as diverse as aviation companies in Russia to human rights activists in Uzbekistan, according to Trend Micro.

　　“Their targets are really a mixed bag,” lead researcher Feike Hacquebord said in an interview. “It looks like a lot of different customers are using them and that that matches with our impression that they are actually a cyber mercenary that can just be hired by about anyone.”

　　The research highlights the growing and unchecked cyber mercenary industry, one that has sparked political and human rights concerns. While nations may see cyber mercenary services as a state asset, hacker-for-hire organizations can easily be turned on their home country, researchers warn.

　　Russian hackers, such as ransomware groups, tend to operate with impunity within the region because of a tacit agreement with the Russian government not to attack Russian targets. Those agreements are less stringent when it comes to stealing and selling Russian individuals’ personal data, which proliferates on Russian-language forums, Hacquebord said.

　　So far, TrendMicro researchers have uncovered more than 3,500 targets of the group. The hackers largely focus on organizations that can provide large sets of personal data, including mobile operators and in vitro fertilization clinics.

　　“Our research revealed a clear picture: Void Balaur goes after the most private and personal data of businesses and individuals then sells that data to whomever wants to pay for it,” Hacquebord wrote in the report.

　　Data sold by the group, which advertises under the name “Rockethack” on Russian-speaking underground forums, includes Russian passport information, Russian airport passenger data, Interpol records and Russian tax records. Trend Micro named the hackers Void Balaur after a multi-headed monster of Eastern European folklore, symbolizing the many goals for which they’re apparently hired.

　　In addition to corporate espionage, Void Balaur has launched major campaigns against political targets. In September, researchers found that the group “targeted the private email addresses of a former head of an intelligence agency, five active government ministers (including the minister of defense) and two members of the national parliament of an Eastern European country.”

　　TrendMicro also with “medium confidence” ties Void Balaur to espionage against Uzbek journalists and activists, a campaign that traces back to a year before Void Balaur first started advertising online in 2017.

Related questions

HackerRank's pricing for hiring candidates through their platform, HackerRank for Work, is tailored to organizational needs and is not publicly disclosed. However, based on common industry practices and available information, here’s a structured breakdown of potential pricing factors and models:

1. Pricing Models

• Subscription Plans:
  • Basic/Starter Tier: May include limited assessments (e.g., 10–20/month), basic question libraries, and standard support. Estimated starting at 25–100/month for small teams.
  • Pro/Enterprise Tier: Custom pricing for advanced features (e.g., unlimited assessments, ATS integrations, live coding interviews, plagiarism detection). Likely 500–2,000+ per month depending on company size and requirements.
• Pay-Per-Assessment: Costs may range from 5–25 per candidate assessment for coding tests or challenges.
• Custom Enterprise Solutions: Tailored quotes for large organizations, often including volume discounts, API access, dedicated support, and SLA guarantees.

2. Key Cost Factors

• Number of Assessments/Candidates: Volume of tests conducted or candidates evaluated.
• Features: Advanced tools like live interviews, role-specific assessments (e.g., AI/ML), or premium question libraries.
• Integrations: Compatibility with ATS (e.g., Greenhouse, Lever) or HR tools may incur additional fees.
• Support: Priority 24/7 support or dedicated account managers (typically in higher tiers).

3. Additional Costs

• Setup/Training: One-time fees for onboarding or team training.
• Candidate Sourcing: Access to HackerRank’s talent pool (if offered) may involve success-based fees (e.g., % of hire salary) or per-contact charges.
• Customization: Fees for tailored assessments or branded career pages.

4. Free Tier

• A limited free version may exist for small-scale use (e.g., 1–3 assessments/month).

5. Recommendation

• Contact Sales: For precise pricing, organizations should request a demo or quote directly from HackerRank’s sales team, as costs vary by company size, hiring volume, and feature requirements.

Note: Pricing details are speculative and may change. Always verify with HackerRank for the latest terms.