Google blocked over thirty malicious domains connected to cybercriminal groups in Russia, the UAE and India.
The domains actively targeted AWS, Gmail and many other personal accounts to perform corporate espionage against organizations and human activists.
According to Google's Threat Analysis Group, the criminal groups took advantage of security flaws to run their campaigns. Some used their domains to openly publicize their services to other users. Google instantly picked up on that.
An Indian criminal group was working with a third party that provided exfiltrated data from successful businesses. The data was gathered to exploit organizations and their employees at a later stage.
The criminals cleverly circumvented government policies to avoid prosecution. The Indian group is one of many examples. Google has managed to track and block over 30 domains, protecting users from further harm.
Google’s team shared their findings with government officials to help streamline policies against cyberattacks and fraud. “We applaud Google’s Threat Analysis Group for taking action on these malicious domains used by hacker-for-hire groups”, said DomainTools LLC CTO Sean McNee.
“These domains are a part of a larger, concerted effort by adversaries to achieve their desired outcomes via outsourcing malicious activity. It is a lesson that there is an ever-changing asymmetry between attackers and defenders — now defenders need to consider advanced and coordinated attack strategies from mercenaries hired to achieve a financial, economic, or even political end.”