Void Balaur | The Sprawling Infrastructure of a Careless Mercenary

[correlate]

Void Balaur is a highly active hack-for-hire / cyber mercenary group with a wide range of known target types across the globe. Their services have been observed for sale to the public online since at least 2016. Services include the collection of private data and access to specific online email and social media services, such as Gmail, Outlook, Telegram, Yandex, Facebook, Instagram, and business emails.
Void Balaur was first reported in 2019 (eQualitie), then again in 2020 (Amnesty International). In November 2021, our colleagues at Trend Micro profiled the larger set of malicious activity and named the actor “Void Balaur” based on a monster of Eastern European folklore. Most recently, Google’s TAG highlighted some of their activity earlier this year. Building on top of analysis from each of our above colleagues, the purpose here is to share our analysis of interesting findings based on newer activity and the large-scale set of attacker infrastructure.
During our inaugural LABScon event today I presented on this very topic – a careless mercenary group known as Void Balaur. Attendees of the conference were given a more detailed overview of the content shared here, including specific details on attribution to individuals in Latvia. In the spirit of LABScon, I look forward to further tracking of this actor alongside our industry colleagues to better protect society.