As the world grows interconnected, the digital landscape has become a breeding ground for cyber mercenaries and hacker groups, who offer their services on the Dark Web to clients willing to pay for their illicit skills. These nefarious actors seek to exploit vulnerabilities in computer systems for their own ends. From stealing sensitive data to launching cyberattacks, these groups are getting more sophisticated and brazen in their operations.
Recent years have seen an explosion in the number of hacker and cyber mercenary groups selling 0-day exploits, hacking tools, stolen data, account logins and more on the dark web and other dark parts of the internet. These vendors essentially operate as cyberweapons dealers, trading in digital weapons that can be used to attack systems and infiltrate networks.
Many of these groups obtain the vulnerabilities by conducting penetration testing and security research on popular software and services. When they discover an exploit, they keep it confidential and sell access to it on the black market. Some also buy vulnerabilities from individual hackers and researchers and then sell them for a premium. Some have even been caught stealing exploits directly from tech companies or government agencies and spreading them for profit.
One of the best known cyber mercenary organizations is RaaS (Ransomware as a Service). The organizations essentially act as cybercrime affiliates, allowing small groups of hackers and even individual hackers to exploit their infrastructure and sell access to their hacking tools and exploits. In particular, RaaS has enabled the spread of ransomware, a type of malware that encrypts files and requires payment for decryption, providing hackers with an easy-to-use platform to launch attacks.
Services offered by hacking groups on the Dark Web
Cyber mercenaries and hacker groups offer a wide range of services on the black market. These include:
1. Theft and sale of data: Hackers target organizations and individuals to steal sensitive data, such as financial information, personal data and trade secrets. They then sell this data to the highest bidder on the Dark Web, who can use it for identity theft, corporate espionage, or other nefarious purposes.
2. Ransomware Attacks: Ransomware is a type of malicious software that encrypts a victim's files, making them inaccessible. The hacker then demands a ransom in exchange for the decryption key. This has become a lucrative business for cybercriminals, with ransom demands often reaching into the tens or even hundreds of thousands of dollars.
3. Distributed Denial of Service (DDoS) Attacks: In a DDoS attack, a hacker floods a target's servers with traffic, making the target's website or service inaccessible. Hacking groups can offer DDoS attacks as a service to customers who want to disrupt a competitor's operations or for other malicious reasons.
4. Developing Exploits: Exploits are tools and techniques used by hackers to gain unauthorized access to systems and networks. Cyber mercenaries can develop and sell custom exploits to clients who are looking for specific vulnerabilities in their target's systems.
5. Botnet rental: A botnet is a computer network under the control of hackers. Botnets can be used for various purposes, such as launching DDoS attacks or sending spam emails. Hacking groups can lease their botnets to customers for a fee.
The most active and dangerous groups of cyber mercenaries
RaaS – A prolific ransomware cartel that has distributed dozens of ransomware variants. As mentioned, RaaS operates a malware-as-a-service platform for distributing ransomware and botnets. It has enabled thousands of ransomware attacks worldwide.
NCR Group – Specializes in exploiting and selling access to 0-day vulnerabilities, breached systems and stolen data. It has tools and exploits to compromise the software and services of Cisco, Microsoft, VMware and other technology companies.
Evil Corp – A sophisticated criminal organization that conducts large-scale computer fraud, extortion, robberies, and other cyber crimes. They stole over $2,2 billion through fraudulent bank transfers, ATM withdrawals, and other bank robberies.
Cobalt Group – Focuses on multi-stage campaigns that target organizations with network access, malware, phishing attacks, and more. They compromised over 200 financial, technology, telecommunications and defense companies around the world.
How hackers discover and exploit vulnerabilities
Hacking groups use different methods to identify and exploit vulnerabilities in their targets' systems. These include:
1. Zero-day exploits: A zero-day exploit is an attack that exploits a previously unknown vulnerability in software or a system. Cyber mercenaries can discover these vulnerabilities through extensive research and testing or by purchasing them from other hackers on the black market.
2. Phishing and Social Engineering: Hackers use phishing emails and social engineering tactics to trick users into revealing their credentials or downloading malware. These techniques can grant the attacker access to the target's systems, allowing them to exploit vulnerabilities and steal data.
3. Malware: Cybercriminals use malware to compromise systems, gain unauthorized access, and exploit vulnerabilities. Examples of malware are viruses, worms, and ransomware.
The unethical nature of cyber mercenary activities
The activities of cyber mercenaries and hacker groups are inherently unethical, as they involve exploiting the vulnerabilities of innocent individuals and organizations for profit. These actions can result in significant financial loss, reputational damage, and in some cases, even physical harm. In addition, the sale of stolen data and exploits on the black market further perpetuates cybercrime by allowing other bad actors to carry out their own attacks.
These cyber mercenaries make money by charging hackers and other criminal groups a percentage of the profits from the attacks and services they facilitate. They essentially function as malicious affiliates, providing tools, infrastructure and access to vulnerabilities and taking a large chunk of the ill-gotten gains. Some also engage in direct attacks and hacking to generate revenue, but most of them make the bulk of their money from the affiliate model.
As cyberthreats continue to evolve and cause ever greater damage, cyber mercenaries and the black market make possible the spread of hacking, exploitation, fraud and other criminal activity. Until mechanisms are in place to better disrupt these organizations, nation states, businesses and individual citizens will remain at risk of potentially devastating cyberattacks. With skilled hackers for hire, any group with enough money can launch sophisticated cyber offensives against their enemies with little risk and few resources. This is an alarming reality, which risks becoming increasingly precarious without a global solution.