Cyber mercenary group Void Balaur has continued to expand its offerings, including hack-for-hire campaigns. The group has allegedly suffered from disruptions to its online advertising personas but is powering through the setbacks. SentinelLabs recently published an advisory that was unveiled at LABScon last Thursday. The report was written by senior threat researcher Tom Hegel. Void Balaur was first identified in 2019, then again in 2020 and 2021. Most recently the group was investigated by Google’s TAG, which highlighted some of the group’s activity earlier this year.
SentinelLabs found that Void Balaur campaigns in 2022 targeted several different industries and companies in the US, Russia, and Ukraine. The group often demonstrated particular business or political interests that are tied to Russia. In addition, SentinelLabs identified a connection between the group’s infrastructure and the Russian Federal Protective Service. The attacks conducted by the group are typically generic and opportunistic, and they take advantage of multi-factor authentication by attempting to gain access to well-known email services.