Introduction:
1. Unheralded Indian IT firm was running world's largest hack-for-hire service
2. Meta kicks out 7 hacking-for-hire companies - It includes an Indian one
3. Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms
Unheralded Indian IT firm was running world's largest hack-for-hire service
An obscure Delhi-based Indian company, BellTroX InfoTech Services, is alleged to have spied on investors, politicians, lawyers and environmental groups across the world for seven years, according to an investigative report.
BellTroX, it is claimed, hacked into and spied on more than 10,000 email accounts belonging to targets across countries and professions, including judges in South Africa, politicians in Mexico, lawyers in France, environmental groups and journalists in the US, and gambling tycoons in the Bahamas.
According to a Reuters report, the parts of BellTroX's hacking spree aimed at American targets are under investigation by US law enforcement.
Reuters broke the story, but the underlying investigation was carried out by Citizen Lab, the Toronto-based internet watchdog, which spent more than two years looking into the hack-for-hire operation and now describes BellTroX as "one of the largest spy-for-hire operations ever exposed".
Interestingly, the report makes no mention of any Indian target being hacked by BellTroX.
BellTrox's owner, identified as one Sumit Gupta, has refused to disclose who had hired him and also denied any wrongdoing.
The report also notes that in 2015 the US indicted several US-based private investigators, along with Sumit Gupta (who also uses the alias Sumit Vishnoi), for their role in a hack-for-hire scheme. An aggregator of Indian corporate registration data lists Sumit Gupta as the director of BellTroX, and online postings by a "Sumit Vishnoi" contain references to BellTroX.
BellTroX and its employees appear to have used euphemisms such as "Ethical Hacking" and "Certified Ethical Hacker" to promote their services online. BellTroX's slogan is: "you desire, we do!"
BellTroX staff activities listed on LinkedIn include: Email Penetration, Exploitation, Corporate Espionage, Phone Pinger, Conducting Cyber Intelligence Operation.
Further, BellTroX’s LinkedIn pages, and those of their employees, have received hundreds of endorsements from individuals working in various fields of corporate intelligence and private investigation.
At the time of writing, BellTroX's website has been returning an error message for several days.
Among the more recently reported targets, BellTroX is believed to have spied on the American private equity firm KKR and the equity research firm Muddy Waters Research, though it is unclear who hired it for those jobs.
Although they receive a fraction of the attention devoted to state-sponsored espionage groups, such "cyber mercenary" services are reportedly widely used across countries.
According to the investigators, the recovered data provides insight into the operation, detailing tens of thousands of malicious messages designed to trick victims into giving up their passwords. The messages were reportedly sent by BellTroX between 2013 and 2020.
Despite the indictment, BellTroX and other companies that provide these services publicly promote their activities. This, analysts say, suggests that companies and their clients do not expect to face legal consequences and that the use of hack-for-hire firms may be standard practice within the private investigations industry.
Meta kicks out 7 hacking-for-hire companies - It includes an Indian one
Meta, which has been under fire for turning a blind eye to companies pursuing 'digital espionage' on its platform, finally seems to have cracked the whip. Meta has kicked out seven “surveillance-for-hire” companies, including an Indian one, that apparently used the platform to target at least 50,000 individuals across 100 countries for unlawful sleuthing operations, some of which included the deployment of spyware.
Meta removed hundreds of accounts belonging to the Israeli firms Cobwebs Technologies, Cognyte, Black Cube and Bluehawk CI, North Macedonia-based Cytrox, an unidentified entity in China, and India-based BellTroX, and sent cease-and-desist letters to the six named companies.
"While these 'cyber mercenaries' often claim that their services only target criminals and terrorists, our months-long investigation concluded that targeting is in fact indiscriminate and includes journalists, dissidents, critics of authoritarian regimes, families of opposition and human rights activists," Meta said in a statement.
The global surveillance-for-hire industry targets people in order to collect intelligence on them and to manipulate and compromise their devices and accounts across the internet. Meta's move follows broader action by American tech companies and civil society against purveyors of digital espionage services, notably the Israeli spyware company NSO Group, which the US Commerce Department recently added to its Entity List.
Meta itself had earlier sued the NSO Group in 2019 for allegedly using its messaging app WhatsApp to deploy malware used for spying on 1,400 mobile devices. NSO Group has disputed the claim.
Giving a broad overview of how these seven blacklisted companies operated, Meta sliced their surveillance activities into three phases: Reconnaissance, Engagement and Exploitation.
"Each phase informs the next. While some of these entities specialize in one particular stage of surveillance, others support the entire attack chain," Meta said.
It added: "As a result of our months-long investigation, we took action against seven different surveillance-for-hire entities. They provided services across all three phases of the surveillance chain to indiscriminately target people in over 100 countries on behalf of their clients."
According to Meta, only Cytrox and the unidentified Chinese entity operated at the exploitation stage.
Meta has shared its findings with security researchers, other platforms, and policymakers so they can take appropriate action. It also alerted around 50,000 people who it believes were targeted by these malicious activities. Meta could not identify how many of the possible victims were attacked with malware or other exploitation software.
BellTroX InfoTech Services being banned by Meta as a cyber mercenary comes as no surprise. In June 2020, Citizen Lab, the Toronto-based internet watchdog, had reported that BellTroX, owned by Sumit Gupta and headquartered in New Delhi, had hacked into and spied on more than 10,000 email accounts belonging to targets across countries and professions, including lawyers, doctors, activists and members of the clergy in countries including Australia, Angola, Saudi Arabia and Iceland.
"We removed about 400 Facebook accounts, the vast majority of which were inactive for years, linked to BellTroX and used for reconnaissance, social engineering and to send malicious links," Meta said in its report.
BellTroX's activity on Meta's platforms was limited and sporadic between 2013 and 2019, after which it paused.
"BellTroX operated fake accounts to impersonate a politician and pose as journalists and environmental activists in an attempt to social-engineer its targets to solicit information including their email addresses, likely for phishing attacks at a later stage," Meta said in its report.
This activity, based on the exact same playbook, re-started in 2021 with a small number of accounts impersonating journalists and media personalities to send phishing links and solicit the targets’ email addresses.
Interestingly, at least going by Meta's report, BellTroX had not targeted anyone in India.
Uncovered: APT 'Hackers For Hire' Target Financial, Entertainment Firms
A hackers-for-hire operation has been discovered using a strain of previously undocumented malware to target South Asian financial institutions and global entertainment companies.
Dubbed "CostaRicto" by BlackBerry researchers, the campaign appears to be the work of APT mercenaries who possess bespoke malware tooling and complex VPN proxy and SSH tunneling capabilities.
"CostaRicto targets are scattered across different countries in Europe, Americas, Asia, Australia and Africa, but the biggest concentration appears to be in South Asia (especially India, Bangladesh and Singapore and China), suggesting that the threat actor could be based in that region, but working on a wide range of commissions from diverse clients," the researchers said.
The modus operandi is straightforward. After gaining an initial foothold in the target's environment via stolen credentials, the attacker sets up an SSH tunnel to download a backdoor and a payload loader called CostaBricks, which implements a C++ virtual machine to decode the bytecode payload and inject it into memory.
The backdoor delivered by the loader is a C++ compiled executable called SombRAT, which also manages its command-and-control (C2) channel via DNS tunneling. It is named after Sombra, the Mexican hacker and infiltrator character from the multiplayer game Overwatch.
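The DNS-tunnelled C2 channel described above is one of the few CostaRicto traits a defender can look for in their own resolver telemetry without any sample of the malware. The following is an added example for this page, not BlackBerry's code and not anything recovered from SombRAT: a Python heuristic run over constructed resolver-log lines that scores each registered domain by how many distinct subdomains it was asked for and by how long and random-looking the leftmost label is. The log format, every domain name, and the "encrypted chunk" labels are assumptions made for the illustration.

```python
"""Heuristic triage of DNS query logs for tunnelled command-and-control.

Added example for this page: it is not BlackBerry's code and does not
reproduce CostaRicto or SombRAT.  The log format (client, query type,
query name), every domain name and the traffic itself are constructed.
"""
import base64
import hashlib
import math
from collections import defaultdict


def _tunnel_label(seq: int) -> str:
    """Stand-in for one encrypted exfiltration chunk packed into a DNS label.

    Tunnelling clients typically base32-encode ciphertext so it survives as a
    hostname label.  SHA-256 is used here only to obtain deterministic
    high-entropy bytes; it is not any real tunnelling protocol.
    """
    chunk = hashlib.sha256(b"demo-chunk-%d" % seq).digest()[:20]
    return base64.b32encode(chunk).decode().lower()  # 20 bytes -> 32 chars, no padding


def build_sample_log() -> str:
    """Constructed sample log, one query per line: '<client> <qtype> <qname>'."""
    lines = []
    # Ordinary browsing: a handful of short, repeated, low-entropy labels.
    for name in ["www", "www", "mail", "api", "www", "static"]:
        lines.append(f"10.0.0.15 A {name}.example.com")
    # Busy but benign CDN: many unique labels, but short and predictable.
    for i in range(1, 10):
        lines.append(f"10.0.0.15 A img{i}.cdn.example.org")
    # Tunnelled C2: a fresh high-entropy label in every query, over TXT records.
    for seq in range(8):
        lines.append(f"10.0.0.15 TXT {_tunnel_label(seq)}.c2.attacker-example.net")
    return "\n".join(lines)


def shannon_entropy(s: str) -> float:
    """Bits per character of s; 0.0 for a single repeated character."""
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Assumption: the registrable domain is the last two labels.  Production
    code should use the Public Suffix List (e.g. 'co.uk' needs three)."""
    return ".".join(qname.rstrip(".").split(".")[-2:])


def analyse(log_text: str, min_queries: int = 5) -> dict:
    """Group queries by registered domain and score each group.

    A domain is flagged when, over at least min_queries queries, almost every
    query used a distinct subdomain AND the leftmost label is both long and
    high-entropy.  No single signal is enough: the CDN above has unique
    labels too, but they are short and predictable.
    """
    per_domain = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _client, qtype, qname = line.split()
        per_domain[registered_domain(qname)].append((qtype, qname.lower()))

    report = {}
    for dom, queries in per_domain.items():
        n = len(queries)
        hosts = [q[: -len(dom) - 1] if q != dom else "" for _, q in queries]
        leftmost = [h.split(".")[0] for h in hosts]
        stats = {
            "queries": n,
            "unique_ratio": len(set(hosts)) / n,
            "mean_label_len": sum(len(l) for l in leftmost) / n,
            "mean_entropy": sum(shannon_entropy(l) for l in leftmost) / n,
            "txt_ratio": sum(1 for t, _ in queries if t in ("TXT", "NULL")) / n,
        }
        stats["suspicious"] = (
            n >= min_queries
            and stats["unique_ratio"] >= 0.8
            and stats["mean_label_len"] >= 20
            and stats["mean_entropy"] >= 3.0
        )
        report[dom] = stats
    return report


def flagged_domains(log_text: str) -> list:
    return sorted(d for d, s in analyse(log_text).items() if s["suspicious"])


if __name__ == "__main__":
    for dom, s in analyse(build_sample_log()).items():
        print(f"{dom:24s} n={s['queries']:2d} uniq={s['unique_ratio']:.2f} "
              f"len={s['mean_label_len']:5.1f} H={s['mean_entropy']:.2f} "
              f"txt={s['txt_ratio']:.2f} suspicious={s['suspicious']}")
```

The TXT/NULL ratio is reported but deliberately kept out of the verdict: tunnels can just as well ride on A or CNAME lookups, so record type is corroboration rather than a trigger. The thresholds are starting points to tune against your own baseline, and the two-label registered-domain shortcut must be replaced with a Public Suffix List lookup before the heuristic is pointed at real traffic.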
The backdoor supports some 50 commands (grouped into core, taskman, config, storage, debug and network functions), ranging from injecting malicious DLLs into memory to enumerating files in storage to exfiltrating captured data to an attacker-controlled server.
In all, six versions of SombRAT have been identified, with the first version dating all the way back to October 2019 and the latest variant observed earlier this August, implying that the backdoor is under active development.
While the identities of those behind the operation remain unknown, one of the IP addresses associated with the backdoor domains has been linked to an earlier phishing campaign attributed to the Russia-linked APT28 group, hinting that the phishing campaigns may have been outsourced to the mercenary on behalf of the actual threat actor.
This is the second hackers-for-hire operation uncovered by BlackBerry; the first was a series of campaigns by a group called Bahamut, which was found to use zero-day exploits, malware and disinformation operations to track targets in the Middle East and South Asia.
"With the undeniable success of Ransomware-as-a-Service (RaaS), it's not surprising that the cybercriminal market has expanded its portfolio to add dedicated phishing and espionage campaigns to the list of services on offer," BlackBerry researchers said.
Related questions
When discussing "social media hackers for hire," it's crucial to address the topic with an emphasis on ethics, legality, and security. Here's a structured breakdown:
1. Legality and Ethics
- Illegal Activity: Hacking social media accounts without consent is a crime in most jurisdictions (e.g., the Computer Fraud and Abuse Act in the U.S., the Computer Misuse Act in the UK, and the EU directive on attacks against information systems). Penalties include fines, imprisonment, and civil liability.
- Ethical Concerns: Unauthorized access breaches privacy and trust, often harming relationships or reputations.
2. Risks of Hiring Hackers
- Scams: Many services are fraudulent, taking payment without delivering results or exploiting clients through blackmail.
- Legal Exposure: Both hackers and clients risk prosecution. Even attempting to hire a hacker can be a criminal offense.
- Security Risks: Sharing personal information with hackers may lead to further exploitation (e.g., identity theft).
3. Protecting Your Accounts
- Strong Security Practices:
- Use complex, unique passwords and a password manager.
- Enable two-factor authentication (2FA).
- Keep recovery email addresses and phone numbers current, and remove any you no longer control.
- Phishing Awareness: Avoid clicking suspicious links or sharing login details.
- Monitor Activity: Check login alerts and account activity regularly.
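Most of the activity reported on this page, from BellTroX's credential-phishing messages to the fake journalists who first solicit an email address and then send links, ends in a URL that has to pass for a trusted login page. As an added example for the phishing-awareness point above (constructed here, not code from the article or from any platform), the Python below triages a link against a short list of trusted domains before anyone clicks it, catching the common tricks: a brand used only as a subdomain, confusable characters and one-character typosquats, a trusted name hidden in the userinfo part before "@", and internationalised (punycode) hosts. The trusted-domain list, the confusable table and every sample URL are assumptions made for the illustration.

```python
"""Triage of a link before clicking: does its host really belong to a trusted
site, or is it one of the usual impersonation tricks?

Added example for this page; it is constructed and is not code from any
platform or from the article.  The trusted-domain list, the confusable
table and every sample URL are assumptions for illustration.
"""
from urllib.parse import urlsplit

# Assumption: the sites whose logins the user cares about.
TRUSTED = {"facebook.com", "instagram.com", "linkedin.com", "gmail.com", "google.com"}

# Visually confusable characters, reduced to a "skeleton" before comparison.
CONFUSABLE_CHARS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "4": "a"})
CONFUSABLE_PAIRS = [("rn", "m"), ("vv", "w")]


def skeleton(label: str) -> str:
    s = label.lower().translate(CONFUSABLE_CHARS)
    for pair, single in CONFUSABLE_PAIRS:
        s = s.replace(pair, single)
    return s


def levenshtein(a: str, b: str) -> int:
    """Edit distance, for catching one-character typosquats such as linkedln."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(host: str) -> str:
    # Assumption: last two labels; use the Public Suffix List in production.
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> tuple:
    """Return (verdict, detail).  Verdicts, in the order they are checked:
    invalid, userinfo_spoof, idn, trusted, brand_in_subdomain, lookalike, unknown.
    """
    p = urlsplit(url)
    host = p.hostname or ""  # lowercased; userinfo and port already stripped
    if not host:
        return ("invalid", "")
    # https://facebook.com@evil.example/ -> the browser actually goes to evil.example
    if p.username and any(t.split(".")[0] in p.username.lower() for t in TRUSTED):
        return ("userinfo_spoof", host)
    # Internationalised labels can render as look-alikes of ASCII brands.
    if not host.isascii() or any(lbl.startswith("xn--") for lbl in host.split(".")):
        return ("idn", host)
    reg = registered_domain(host)
    if reg in TRUSTED:
        return ("trusted", reg)
    # facebook.com.login-verify.example.net -> the brand is only a subdomain
    sub_labels = host[: -len(reg) - 1].split(".") if host != reg else []
    for t in TRUSTED:
        if t.split(".")[0] in sub_labels:
            return ("brand_in_subdomain", t)
    # faceb00k.com / linkedln.com -> confusables or a one-edit typosquat
    sk = skeleton(reg.split(".")[0])
    for t in TRUSTED:
        brand = t.split(".")[0]
        if sk == brand or levenshtein(sk, brand) <= 1:
            return ("lookalike", t)
    return ("unknown", reg)


if __name__ == "__main__":
    # Constructed sample links, as they might arrive in a message from a
    # "journalist" who just asked for your email address.
    for link in [
        "https://www.facebook.com/login",
        "https://facebook.com.login-verify.example.net/reset",
        "http://faceb00k.com/reset",
        "https://linkedln.com/in/you",
        "https://facebook.com@evil-example.net/login",
        "https://xn--80ak6aa92e.com/",
        "https://example.org/",
    ]:
        print(f"{classify(link)!s:40s} {link}")
```

An "unknown" verdict is not a clean bill of health; it only means the host is neither trusted nor an obvious imitation of one, and a link shortener or a freshly registered domain will land there. The check is meant to run at the mail gateway or in a "is this link safe?" helper rather than to replace the platform's own login-alert and 2FA protections listed above.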
4. If You’ve Been Hacked
- Immediate Action:
- Use platform recovery tools (e.g., Facebook’s "Forgot Password").
- Contact the platform’s support team.
- Secure linked email/phone numbers.
- Notify Contacts: Warn friends/family to avoid scam messages sent from your account.
- Report the Crime: File a report with law enforcement (e.g., FBI’s IC3, local cybercrime units).
5. Ethical Alternatives
- For Suspicion or Disputes:
- Address concerns through direct communication or mediation.
- Seek legal advice (e.g., for harassment or fraud cases).
- Ethical Hacking: Legitimate cybersecurity professionals (white-hat hackers) can help secure accounts, but only with explicit permission.
6. Reporting Illegal Services
- To Platforms: Report profiles/ads offering hacking services to social media platforms (e.g., via "Report" features).
- To Authorities: Notify agencies like the FTC, IC3, or your national cybercrime unit.
Final Notes
- Avoid Shortcuts: There are no legitimate services for hacking others’ accounts. Focus on ethical solutions and proactive security measures.
- Seek Help: If you’re a victim, reach out to cybersecurity experts or legal professionals for assistance.
Always prioritize privacy, legality, and ethical behavior when navigating digital spaces. If in doubt, consult a legal professional or cybersecurity expert.