Kaspersky, a Russian cybersecurity company, has discovered a new hacker-for-hire group that appears to have been active for a decade. The group, which Kaspersky named "Deceptikons", has mainly targeted law firms as well as fintech companies, according to Kaspersky researcher Vicente Diaz.
According to Diaz, the group seems to focus more on stealing business and financial information than on stealing government information. He added that most of the group's targets are in Europe, with others in Middle Eastern countries such as Israel, Jordan and Egypt.
The group's most recent attacks include a 2019 phishing campaign targeting numerous law firms and fintech companies, in which the group developed malicious PowerShell scripts to infect computers.
In addition, Kaspersky explained that the group is not technically advanced and does not appear to possess any zero-days. The Russian cybersecurity company also described the group's infrastructure and malware as "smart, but not technically advanced", and said the group's main goal was to gain access to infected computers.
Most "Deceptikons" attacks seem to follow a similar tactic, starting with a spear-phishing email carrying a maliciously modified LNK (shortcut) file. If the victim downloads and clicks on the file, the shortcut downloads and executes a PowerShell-based backdoor trojan.
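For defenders triaging shortcut attachments of the kind described above, the following added example (not Kaspersky's code and not part of the original article) decodes the string fields of an LNK file per the Shell Link binary format and flags shortcuts that reference PowerShell. The function names, the `build_sample_lnk` helper and its sample paths are constructed for illustration, and cp1252 is assumed for non-Unicode strings.

```python
import struct

# Constants from the Shell Link (.LNK) binary format, MS-SHLLINK.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, IS_UNICODE = 0x01, 0x02, 0x80
STRING_FIELDS = [(0x04, "name"), (0x08, "relative_path"), (0x10, "working_dir"),
                 (0x20, "arguments"), (0x40, "icon_location")]

def parse_lnk_strings(data: bytes) -> dict:
    """Decode the StringData fields (including command-line arguments)."""
    if len(data) < 76 or data[:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a shell link")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos, out = 76, {}
    try:
        if flags & HAS_IDLIST:    # 2-byte size, then the item ID list
            pos += 2 + struct.unpack_from("<H", data, pos)[0]
        if flags & HAS_LINKINFO:  # 4-byte size that counts itself
            pos += struct.unpack_from("<I", data, pos)[0]
        # Assumption: non-Unicode strings are decoded as cp1252.
        width, codec = (2, "utf-16-le") if flags & IS_UNICODE else (1, "cp1252")
        for bit, field in STRING_FIELDS:
            if flags & bit:
                count = struct.unpack_from("<H", data, pos)[0]
                end = pos + 2 + count * width
                if end > len(data):
                    raise ValueError("truncated field: " + field)
                out[field] = data[pos + 2:end].decode(codec, errors="replace")
                pos = end
    except struct.error:
        raise ValueError("truncated shell link") from None
    return out

def references_powershell(data: bytes) -> bool:
    """True if any decoded string, or the raw target structures, name PowerShell."""
    text = " ".join(parse_lnk_strings(data).values()).lower()
    # The target path can sit in the ID list or LinkInfo, which this example
    # does not decode, so also search the raw bytes in both encodings.
    raw = data.lower()
    return any(n in text or n.encode() in raw or n.encode("utf-16-le") in raw
               for n in ("powershell", "pwsh"))

def build_sample_lnk(relative_path: str, arguments: str) -> bytes:
    """Constructed minimal shortcut (header plus two Unicode strings) for testing."""
    header = struct.pack("<I16sI", 0x4C, LNK_CLSID, 0x08 | 0x20 | IS_UNICODE) + bytes(52)
    return header + b"".join(struct.pack("<H", len(s)) + s.encode("utf-16-le")
                             for s in (relative_path, arguments))
```

A mail gateway or endpoint triage script can call `references_powershell` on each `.lnk` attachment and pass the decoded `arguments` field to an analyst for review.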
In the coming weeks, Kaspersky will publish a more detailed technical report, which will provide more information about the activities of "Deceptikons".
It is worth noting that this is the second large hacker-for-hire group to come to light this year: Citizen Lab had previously revealed that the Indian company BellTroX InfoTech Services was the team behind the Dark Basin APT.
However, Kaspersky does not currently associate Deceptikons with any particular entity.