Over 7 yrs. ‘Hack-for-Hire’ group Dark Basin targeted 1,000s of high-profile people

Over 7 yrs. ‘Hack-for-Hire’ group Dark Basin targeted 1,000s of high-profile people

‘Guns for Hire’ Dark Basin group targeted senior government officials, advocacy groups, journalists & hedge funds globally it is now claimed.

It seems that the obscure group in India handled commercial espionage for their paying clients, against opponents in financial transactions, that were involved in high-profile public events, criminal cases, news stories & advocacy, says researchers at Citizen Lab.


The researchers explained that the Dark Basin organisation targeted 1,000s on 6 continents, incl. senior politicians, government prosecutors, CEOs, journalists & human rights advocates.

“With high confidence, we link Dark Basin to BellTroX InfoTech Services (“BellTroX”), an India-based technology company,” the researchers observed by blog.

Business Model

Sarb Sembhi CTO & CISO of Virtually Informed added “This type of business model has been around for a long time, whereas once it was mainly individuals who moved from one business to another, here we have one business that changed its name very slightly, employing attackers over a consistent period which enabled researchers to be able to collate the information.

“The reasons they are being called out now are the same reasons why others haven’t been called out in the past. Such services have always & will always exist as long as state actors & competitors are willing to pay the price and overlook their activities.”

Citizen Lab’s findings

  • Dark Basin targeted advocacy groups & journalists, elected & senior government officials, hedge funds as well as multiple industries.
  • It targeted American non-profits, including those working on a campaign called #ExxonKnew, which claimed ExxonMobil hid information about climate change for decades.
  • The group was behind phishing of organisations working on net neutrality advocacy, as reported by the Electronic Frontier Foundation.
  • Dark Basin was linked with “high confidence” to an Indian company B, BellTroX InfoTech Services & its related entities.
  • Citizen Lab has notified hundreds of those targeted and shared information with the US Department of Justice (DOJ).

Advertise Services

Paul Bischoff privacy advocate at Comparitech.com commented “The most striking part of the Dark Basin operation is how it was able to openly advertise its services without consequence. It clearly did not fear any legal consequences that might arise despite much of its activity being blatantly illegal. I have to wonder, even after Citizen Lab’s report, if authorities will go after Dark Basin.

Scam Operations

“India is home to many phishing & scam operations that go about their business in broad daylight. Even if Dark Basin is shut down, another hack-for-hire business could replace it. So perhaps the best course of action is a further investigation to reveal its clients & take legal action against them.”

In all, more than 10,000 victim email accounts were targeted, according to Reuters.

The New Delhi-based firm targeted govt. officials in Europe, & also gambling tycoons in the Bahamas, Reuters comments.

Global Hacking

Attila Tomaschek, Digital Privacy expert at ProPrivacy, said: “The wide-ranging scope of Dark Basin’s global hacking operation highlights the troubling reality that no individual or organisation is immune to being targeted in a hack-for-hire scheme.

“Elaborate, highly-targeted, & persistent phishing campaigns like the ones launched by Dark Basin operatives are especially nefarious in that they can be dangerously difficult to detect.

“Individuals not sufficiently versed in identifying and avoiding phishing scams, & smaller organisations & advocacy groups without established cyber-security procedures in place can, therefore, be particularly at risk.

“Cyber-risk awareness & education can go a long way in addressing & ultimately curbing the growing threats associated with hack-for-hire schemes.”


Well-known investors in the US including private equity giant KKR & short seller Muddy Waters, were also targeted according to online evidence.

Chris Hauk, consumer Privacy champion at Pixel Privacy said: “The Dark Basin report exposes a troubling development in the world of hacking, which is ‘Hack-for-Hire’. We will continue to see black hat hackers offer their services to the highest bidder in the coming years.

“Sadly, as we have seen in recent weeks, we may see these ‘hired guns; taking aim at more socially conscious groups, such as the NAACP, Black Lives Matter, & other social organisations.”


A large amount of data reviewed by Reuters included 1,000s of malicious messages sent by BellTroX between 2013 & 2020 that aimed to trick victims into handing over passwords.

Jamie Akhtar CEO & Co-Founder of CyberSmart added: “Hackers-for-hire have long existed on the dark web – from self-serve tool-kits to fully managed services involving recon, exploitation & exfiltration of data. It is the cryptocurrency-fuelled marketplace of the digital underworld & accessing those criminal skill-sets has never been easier. With the rapid shift to digital & remote working leaving many businesses vulnerable, people are taking advantage of this resource. Cyber-attacks continue to escalate.


“They are predicted to cost over US $1 trillion (£772 billion) this year. Organisations need to ensure they have all the mechanisms in place to defend against such targeted attacks including the training of staff against social engineering, implementing 2FA & keeping systems up to date. Isolating high-value systems, networks & data stores are also important – ideally moving towards a zero-trust model.”

Brian Higgins, Security Specialist at Comparitech.com further added: “Crime as a Service (CaaS) has been around for many years now. It began with the marketing & sale of ‘off the shelf’ Banking Trojans & has developed from there. Basically, most Cyber-attacks do not require vast technical know-how any longer, as the software required to mount them is available for sale on criminal Internet forums.

Organised Cyber Crime

“The fact that Hackers are hiring out their services is no real surprise. It is just the logical next step for the criminal economy. Organised Cyber Crime follows the same business model as its legitimate counterparts in the digital economy. Supply and Demand – Just without the rules.

“It’s unfortunate but if you want to stage a sophisticated, targeted attack & you have the money to pay for it the criminal talent is clearly turning its hand to yet another way to make some quick cash.”