Dark Basin
Dark Basin is a hack-for-hire group, discovered in 2017 by Citizen Lab. They are suspected to have acted on behalf of companies such as Wirecard and ExxonMobil. Dark Basin is believed to be run by the Indian company BellTroX InfoTech Services.
In 2015, Matthew Earl, a managing partner at ShadowFall Capital & Research, began to study Wirecard AG, hoping to short sell the company. Wirecard had just announced the purchase of Great Indian Retail Group for $254 million, which seemed overpriced to Earl. In February 2016, he started to write publicly about his discoveries under the alias Zatarra Research & Investigations, accusing Wirecard of corruption, corporate fraud, and money laundering.
Soon after, the identity of Zatarra Research & Investigations was revealed online, along with surveillance pictures of Earl in front of his house. Earl quickly realized that he was being followed. Employees from Jones Day, a law firm representing Wirecard, came to visit Earl and gave him a letter, accusing him of collusion, conspiracy, defamation, libel, and market manipulation. Earl also started to receive targeted phishing emails, appearing to be from his friends and family members. In the spring of 2017, Earl shared those emails with Citizen Lab, a research laboratory specializing in information control.
Citizen Lab discovered that the attackers were using a custom URL shortener that allowed enumeration, giving the researchers access to a list of 28,000 URLs. Some of those URLs redirected to websites looking like Gmail, Facebook, LinkedIn, Dropbox or various webmails – each page customized with the name of the victim, asking the user to re-enter their password.
Citizen Lab named this hacker group 'Dark Basin' and identified several clusters among the victims:
The variety of targets led Citizen Lab to suspect mercenary activity. The research laboratory confirmed that some of these attacks were successful.
Several clues allowed Citizen Lab to assert with high confidence that Dark Basin was based in India.
Timestamps in Dark Basin phishing emails were consistent with working hours in India, which has only one time zone: UTC+5:30.
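The timestamp clue can be tested by normalising each message's send time to UTC and scoring every candidate UTC offset by how many messages would fall inside a local working day. The script below is an added example, not code from Citizen Lab or from this article; the sample Date headers are constructed and the 09:00-17:59 Monday-to-Friday window is an assumption.

```python
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed Date headers for illustration; not taken from Citizen Lab's data.
SAMPLE_DATES = [
    "Mon, 06 Mar 2017 03:40:12 +0000",
    "Mon, 06 Mar 2017 06:05:44 +0000",
    "Tue, 07 Mar 2017 08:15:03 +0000",
    "Wed, 08 Mar 2017 11:30:27 +0100",  # sender-declared offset, normalised below
    "Thu, 09 Mar 2017 12:20:51 +0000",
    "Fri, 10 Mar 2017 04:55:19 +0000",
]
WORK_START, WORK_END = 9, 18  # assumption: office hours 09:00-17:59, Mon-Fri


def to_utc(date_header):
    """Parse an RFC 5322 Date header and normalise it to UTC."""
    dt = parsedate_to_datetime(date_header)
    if dt.tzinfo is None:  # "-0000" parses as naive; treat it as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def workday_fraction(utc_times, offset_minutes):
    """Share of messages inside office hours if the sender lived at this offset."""
    tz = timezone(timedelta(minutes=offset_minutes))
    local = [t.astimezone(tz) for t in utc_times]
    hits = sum(1 for t in local if t.weekday() < 5 and WORK_START <= t.hour < WORK_END)
    return hits / len(local)


def rank_offsets(date_headers, step=30):
    """Score every UTC offset from -12:00 to +14:00; best fit first."""
    utc_times = [to_utc(h) for h in date_headers]
    scores = {m: workday_fraction(utc_times, m) for m in range(-720, 841, step)}
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


def format_offset(minutes):
    """Render an offset in minutes as UTC+HH:MM or UTC-HH:MM."""
    sign = "+" if minutes >= 0 else "-"
    hours, mins = divmod(abs(minutes), 60)
    return f"UTC{sign}{hours:02d}:{mins:02d}"


if __name__ == "__main__":
    for minutes, score in rank_offsets(SAMPLE_DATES)[:3]:
        print(f"{format_offset(minutes)}  {score:.0%} of messages in office hours")
```

With few messages or a narrow spread of send times, several neighbouring offsets tie, so the output is a band of plausible time zones rather than a single answer. The Date header is set by the sender, so timestamps in the Received headers added by the recipient's mail server are the more reliable input.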