Google slams the door on dozens of hack-for-hire groups

Google has added dozens of new domains to its blacklist, effectively shutting the door on many hack-for-hire groups across the world.

In a new blog post published on the Google Threat Analysis Group (TAG) page, the department’s director, Shane Huntley, said TAG has been keeping tabs on numerous hack-for-hire groups since 2012. Today, 37 new domains and websites have been added to its Safe Browsing feature.

These domains, which include the likes of myproject-login[.]shop, mail-goolge[.]com, or rnanage-icloud[.]com, have been split into three distinct categories: groups from the UAE, India and Russia.

Raising awareness

Google encourages all users, especially high-profile individuals deemed high-risk, to enable Advanced Protection and Google Account Level Enhanced Safe Browsing, and to make sure that all of their endpoints are up to date.

The company’s CyberCrime Investigation Group, Huntley further explained, is sharing relevant details and indicators with law enforcement agencies. 

“TAG is committed to sharing our findings as a way of raising awareness with the security community, and with companies and individuals that might have been targeted,” Huntley said in the blog post. “We hope that improved understanding of the tactics and techniques will enhance threat hunting capability and lead to stronger user protections across the industry.”

Hack-for-hire groups deploy various tactics in their operations, Google has found, with social engineering and phishing remaining the most popular avenues to obtain access and deploy stage-two malware. Depending on their location, they will target different groups and firms, from government agencies, to journalists, to NGOs, to organizations in the healthcare and telecom sectors.

In some cases, Google has observed, Indian hack-for-hire firms will work with third-party private investigative services as intermediaries, to provide data. In other cases, they will employ freelancers who are not directly employed by the target firms themselves.

The full list of group domains Google deemed malicious can be found here.