AIG Threat Group Launches With Unique Business Model

Published: 23/11/2024   Category: security




The rapidly growing Atlas Intelligence Group relies on cyber-mercenaries to carry out its missions.



A threat group calling itself the Atlas Intelligence Group (AIG, aka Atlantis Cyber-Army) has recently surfaced with what appears to be a somewhat different — and potentially trend-setting — cybercrime model.
Researchers from Cyberint who were the first to spot the group described the threat actor as selling a variety of services via its main website, including access to stolen databases, exclusive data leaks, distributed denial-of-service (DDoS) services, and initial access to enterprise networks via RDP clients and Web shells. Cyberint said this week that its researchers spotted AIG in May and have observed it growing rapidly since then.
What makes the threat actor different from the myriad others with similar offerings is the fact that the operators themselves appear to be entirely outsourcing the actual hacking activities to independent cyber-mercenaries who have no direct connection to the operation. For instance, when a client purchases AIG's DDoS, data theft, or malicious spam services, the group advertises for and hires independent contractors to execute the actual tasks. That's unlike most threat groups, which recruit and maintain the same team of hackers for different campaigns.
AIG's model appears designed to ensure a high level of operations security for its leaders by keeping them segregated from those doing the criminal hacking activity, according to Cyberint.
"AIG is the first group I've seen that is using this business model," says Shmuel Gihon, security researcher with Cyberint. "Every team has its leaders, and every team has key members. But here it's different: we have one leader that controls everything and everyone."
AIG's business model appears designed to take advantage of the growing number of hacker-for-hire groups that have begun surfacing all over the world in recent years. The groups, many of which operate out of India, Russia, or the United Arab Emirates, specialize in breaking into target networks, stealing data, and carrying out a variety of other malicious activities on behalf of the clients who hire them. One example of such a group is Russia-based Void Balaur, a cyber-mercenary group that researchers at Trend Micro and others have linked to attacks on thousands of organizations and individuals for several years.
Gihon says Cyberint's analysis of AIG's activities shows it is being run by a secretive individual using the handle Mr. Eagle. This individual appears responsible for initiating all AIG campaigns and plans. Cyberint has so far been able to identify at least four other individuals that are operating under this leader, and who are responsible for tasks such as advertising the group's services, communicating with customers, and operating its Telegram channels.
"What makes them different is the fact that they are very good [at] making themselves anonymous and approaching this operation as entrepreneurs and not as technical people," Gihon says. The group's behavior suggests the core members — or at least its leader — were red teamers or malicious hackers that have decided to lead rather than operate.
"They have been around in the darknet and in the cybercrime industry for a while and observed how things are operating," he added.
Cyberint said it has observed the group use three different Telegram channels, with thousands of subscribers between them, for its operations.
One of the channels is a marketplace for leaked databases. The databases appear to belong to organizations in different sectors such as government, finance, manufacturing, and technology, from around the world. The collection of databases on sale via the Telegram channel suggests that AIG isn't focusing on any specific region or sector. Rather, the group appears to be targeting organizations that it thinks might be valuable for potential buyers.
Some of the databases are available for as little as 15 euros and contain information such as email and physical addresses, phone numbers, and other information likely of interest to distributors of malicious spam, spear-phishing groups, and hacktivists.
"AIG claims that these databases are exclusive, so the assumption is that they obtained it [via] their contractors," Gihon says. Given the low price, it is unlikely that AIG obtained them from a third party and is reselling them, he says.
AIG has a second Telegram channel that it uses to publish ads for various hacking services that it might be looking for, and where hackers have an opportunity to bid for contracts. The channel serves as the threat group's source for finding malware developers, social engineers, red teamers, and other cyber-mercenaries.
AIG's third Telegram channel, which serves as its communication channel, is where the group posts announcements, lists of intended targets, and other information. The threat actor also maintains an e-commerce store where people can purchase AIG's services and stolen databases using cryptocurrency.
Gihon says AIG's business model gives it a level of flexibility that other threat groups do not have.
"The leader is not bound to any one of the members because they are all contractors," he says. So, while other groups have their ups and downs given the fact that they are the same group of people most of the time, Mr. Eagle has the privilege to hire the best of the best anytime, he says. "This could make this team very lethal in the end game."
