Persistent Indian Hack-for-Hire Group Engaged in Targeting the U.S., China, and Other Nations for Over a Decade
Indian Cyber Security Solutions (GreenFellow IT Security Solutions Pvt Ltd)
"Securing your world Digitally"
In recent revelations, a series of concerning cybersecurity breaches and illicit activities have come to light, involving a company named Appin. Reports indicate that Appin was allegedly involved in orchestrating large-scale data theft attacks targeting political leaders, international executives, sports figures, and various others. However, the company has vehemently denied any association with a hack-for-hire business.
Among the services attributed to Appin was a tool named "MyCommando," also known as GoldenEye or Commando. This tool reportedly allowed customers to access and download campaign-specific data, communicate securely, and select from various task options ranging from open-source research to social engineering and even trojan campaigns.
The scope of these activities extended to targeting nations such as China and Pakistan, pointing toward the involvement of an Indian-origin mercenary group in state-sponsored cyber assaults. Moreover, Appin was allegedly linked to the creation of macOS spyware known as KitM back in 2013.
Further investigations revealed instances of domestic targeting, including the theft of login credentials from email accounts belonging to Sikhs in both India and the U.S. Additionally, the use of domains to host malware in phishing emails was identified, implicating these actions in attacks against specific individuals. Appin was reported to have utilized third-party infrastructure for data exfiltration, command-and-control operations, phishing attempts, and setting up decoy sites.
In an entirely separate campaign, the group allegedly utilized the domain speedaccelator[.]com as an FTP server, hosting malware used in malicious phishing emails. One such attack targeted an individual in India, later linked to the ModifiedElephant APT. Notably, Patchwork's connections to ModifiedElephant had been previously identified by Secureworks.
Moreover, Appin reportedly relied on private spyware and exploit services from vendors like Vervata, Vupen, and Core Security, alongside leveraging a vast infrastructure acquired from third parties for their cyber operations.
Another tactic involved using a California-based freelancing platform, once known as Elance and now called Upwork, to procure malware from external software developers. Simultaneously, Appin allegedly utilized its in-house team to develop a custom arsenal of hacking tools.
One researcher remarked that these findings highlight the group's persistence and demonstrated success in executing attacks on behalf of a diverse clientele, indicating a concerning track record.
Amidst these revelations, the case of Aviram Azari, an Israeli private investigator, surfaced. Azari was sentenced to nearly seven years in federal prison for computer intrusion, wire fraud, and aggravated identity theft related to a global hack-for-hire scheme spanning from 2014 to 2019. The Department of Justice highlighted that Azari, under the guise of managing "Projects" for intelligence gathering, orchestrated hacking campaigns that specifically targeted certain victim groups.
Azari was also accused of employing mercenary hackers from India, specifically from a company named BellTroX Infotech, also known as Amanda or Dark Basin. This company, founded by Sumit Gupta, was revealed to have ties to Appin, with Gupta reportedly having previously worked for Appin prior to launching BellTroX.
These interconnected revelations shed light on a complex web of cyber operations, involving multiple entities, tools, and methodologies employed for cyber attacks and espionage. The extent of collaboration between different companies, individuals, and their actions for illicit purposes underscores the pressing need for robust cybersecurity measures and legal interventions to counter such pervasive threats.