Dark Basin’s reverse advocacy. Honda hacked? Criminal cooperation (and competition). A contraband menu from the dark web.
The University of Toronto's Citizen Lab this morning released a report on a hacker-for-hire operation, "Dark Basin," which targeted "advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries." Dark Basin is said to have been especially interested in US not-for-profits, notably climate change and net neutrality advocates. Citizen Lab says Dark Basin is run by Delhi-based IT and cybersecurity firm BellTroX. The New York Times says US Federal prosecutors are investigating.
Production at Honda plants in Europe, North America, and Japan has been affected by what the company calls a computer "disruption," NBC News and others report. The company is remaining relatively tight-lipped, but BleepingComputer says outside observers think they see signs that the incident was a ransomware attack with a variant of Snake (Ekans).
Here's the latest in a series of fitful attempts at cooperation among criminals, as described this morning by researchers at Digital Shadows. It's a DDoS protection tool, “EndGame” (no connection to the similarly named security company acquired last October by Elastic NV). Denial-of-service attacks have long been a drag on criminal operations, whether these are mounted by underworld competitors or law enforcement agencies. EndGame is a product of collaboration among players in the criminal souks Dread, White House Market, Big Blue Market, and Empire Market. Despite the ransomware cartelization BleepingComputer observes, Trend Micro reports that the underworld remains a low-trust community.
If you're buying commodity cyber contraband à la carte, Privacy Affairs has compiled a representative menu from the dark web.
Gloss