A little-known Indian IT firm offered its phishing services to help clients spy on more than 10,000 email accounts over a period of seven years.
New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence.
Aspects of BellTroX’s hacking spree aimed at American targets are currently under investigation by U.S. law enforcement, five people familiar with the matter told Reuters. The U.S. Department of Justice declined to comment. Reuters does not know the identity of BellTroX’s clients. In a telephone interview, the company’s owner, Sumit Gupta, declined to disclose who had hired him and denied any wrongdoing.
Researchers at internet watchdog group Citizen Lab, who spent more than two years mapping out the infrastructure used by the hackers, released a report here on Tuesday saying they had "high confidence" that BellTroX employees were behind the espionage campaign. New-school security awareness training can ensure your users can spot the warning signs and report any suspicious behavior.
Reuters has the full story: https://www.reuters.com/article/us-india-cyber-mercenaries-exclusive/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idUSKBN23G1GQ
New-school Security Awareness Training is critical to enabling you and your IT staff to connect with users and help them make the right security decisions all of the time. This isn't a one and done deal, continuous training and simulated phishing are both needed to mobilize users as your last line of defense. Request your one-on-one demo of KnowBe4's security awareness training and simulated phishing platform and see how easy it can be!
