Indian IT firm offered a global hackers-for-hire service for 7 years

Cyber company in India offered hacking services to help others spy on email accounts of politicians, journalists, and investors

Dark Basin hacking group linked with Indian IT firm

Dark Basin hacking group linked with Indian IT firm

Litlle-known Indian IT firm secretly offered the global hackers-for-hire service that helped to spy on email accounts over the span of seven years.[1] The New Dehli-based BellTroX InfoTech Services firm targeted officials in Europe, investors in the Bahamas, United Kingdom, and many other high-profile individuals and organizations across six continents, as Reuters uncover.[2] 

According to the latest reports, this Dask Basin[3] hacking group mainly aimed towards advocacy groups, senior politicians, government officials, journalists, human rights defenders, CEOs. This is not the state-sponsored hacking group. Investigations show that hack-for-hire services conduct cyberattacks targeting particular targets on behalf of private investigators or other clients:

Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy.

Dark Basin hacking group linked to obscure IT firm

The initial suspect before the in-depth investigation was a state-sponsored hacking group, but analysis identified the hack-for-hire scheme instead, based on the variety of targets. When the investigation into the Dark Basin group started back in 2017, phishing attacks revealed that attackers used shortened URLs to disguise almost 30,000 phishing links containing targets’ email addresses.

Dark Basin hackers left copies of the phishing kit source code open online, so interaction and credential phishing sites were recorded. The BellTrox employees whose activities overlapped with the hacker group helped to identify the Dark Basin group and link the IT firm to phishing campaigns. Some of them even left personal documents or CVs as bait content when testing their URL shorteners.

Sumit Gupta, the owner of the BellTroX company was indicted in 2015 for the role in a similar hack-for-hire scheme.[4] At the time, two private investigators in California revealed that they have paid Gupta for hacking the accounts of marketing executives.

Remarkable portfolio of targets

As researchers state, this is not the particular hacking group that targets governments in countries based on their beliefs, so the list of victims includes senior government officials and candidates, financial services, banks, pharmaceutical, and other companies across the world. Dark Basin’s targets include American private equity firm KKR, research company Muddy Waters Research.[5] 

Founder of Mussy Waters stated:

Not surprised, to learn that we were likely targeted for hacking by a client of BellTroX.

Hacking attempts by cross-referencing data from various internet providers used by these hackers showed emails received by targets. Part of the campaign was to send emails to trick victims into giving their passwords. Messages from typical emails to horoscopes or porn spam, emulating co-workers or family, aimed to scam people.

Other targets on the list include judges in South Africa, lawyers in France, politicians in Mexico, environmental activists, advocacy groups, digital rights organizations Free Press, Fight for the Future in the United States. There are thousands targeted by BellTroX, and researchers cannot establish how many of these hacking attempts were successful.