A new for-hire cyber-criminal group is feeling the tech talent shortage like the rest of the sector, & is now recruiting so-called “cyber-mercenaries” to conduct specific illegal hacks that are part of larger criminal campaigns.
Also known as the ‘Atlantis Cyber-Army,’ the new organisation has a mysterious leader & offers a range of services, including exclusive data leaks, DDoS & RDP.
Atlas Intelligence Group
Named Atlas Intelligence Group (A.I.G.), the gang has been seen by security researchers recruiting independent black-hat hackers to execute specific aspects of its own campaigns. A.I.G., also known as Atlantis Cyber-Army, functions as a cyber-threats-as-a-service criminal enterprise.
The threat group markets services that include data leaks, distributed denial of service (DDoS), remote desktop protocol (RDP) hijacking & additional network penetration services, according to a Thur. report by threat intelligence co. Cyberint.
“A.I.G. has introduced us to ‘out-of-the-box’ thinking,” Cyberint’s Shmuel Gihon wrote in the report.
A.I.G., according to researchers, is unique in its outsourcing approach to committing cyber-crimes. Organised threat groups tend to recruit individuals with certain capabilities that they can reuse & incentivise them with profit sharing. For example, Ransomware-as-a-Service organised crime campaigns can involve many threat players, with each getting a share of any extorted funds or digital assets stolen.
What makes A.I.G. so different is that it outsources ‘specific aspects’ of an attack to “mercenaries” who then have no further involvement in the attack.
The report’s author, Gihon, stated only A.I.G. administrators & the group’s leader—dubbed Mr. Eagle—know fully what the campaign will be & outsource isolated tasks to ‘hired guns’ based on their skillsets.
The unusual business model also lets the group, which has been operating since early May, offer a range of cyber-criminal services instead of a single core skill, he observed.
“While many groups are focusing on 1, perhaps 2, services that they offer, Atlas seems to grow rapidly & expand its operations in an efficient way which allows them to offer many services,” Gihon wrote.
A.I.G. tends to target govt. & state assets in countries all over the world, including the US, Pakistan, Israel, Colombia & the United Arab Emirates, researchers found.
Mr. Eagle not only leads the campaigns but also acts as a ‘Chief Marketing Officer,’ putting much effort into advertising A.I.G.’s various cyber-criminal services, he revealed.
Researchers took a deep look into how A.I.G. operates, communicates & manages its operations, as well as observing the specific cyber-criminal services it offers.
DDoS seems to be the group’s specialty, with Atlas providing solid proof of execution to customers for as little as 20 euros per victim, researchers revealed. The group also offers a popular data-leak service that focuses on anything that might be valuable to potential buyers, Gihon explained.
A.I.G. has published leaked databases from worldwide sources for sale, with prices starting from 15 euros, researchers explained. The group targeted various sectors in the breaches, including education, finance, govt. entities, manufacturing & technology, they outlined.
A.I.G. also has ‘premium services’ that demand more skill & show the group’s progress, researchers stated. One of these products is hacked panels & initial access to organisations, with prices for these services starting from about $1k.
The group also offers “VIP services” that claim ties to people in law-enforcement positions across Europe who can give customers access to sensitive information about specific individuals, researchers outlined.
Telegram is the communication platform of choice for A.I.G., with the group operating 3 different Telegram channels with 1,000s of subscribers, researchers revealed. One is a database marketplace for selling leaked databases, & another is a commercial channel that also includes announcements & updates from the group, they stated.
Atlas also operates a unique Telegram channel in which Mr. Eagle & the group’s administrators publish the contracts that the group offers to those hired to perform attacks.
This lets subscribers sign up depending on what they can offer & helps the group recruit various cyber-criminals, such as red teamers, social engineers & malware developers, researchers explained.
Atlas sells its services primarily on an e-commerce store on the site Sellix.io, a forum that offers payment with crypto-currency and acts as a broker, providing the privacy-conscious group with an extra layer of anonymity, Gihon outlined.
“Observing the behaviour of the group in general & the leader in particular, it seems that operation security (OpSec) is a top priority,” he wrote.
Mr. Eagle ‘Has Landed’
The group’s leader is a mysterious figure who seems to run a ‘tight ship’ in terms of his professionalism, exhibiting logical & meticulous decision-making & behaviour that leaves “no room for errors,” Gihon wrote.
“Mr.Eagle tends to have very strict rules in the management of the group, including banning & throwing out scammers & other threat actors that try to advertise their products,” he wrote. “It seems that Mr.Eagle maintains very high reliability among the group.”
This manner of leadership is useful when delegating to general administrators, of which A.I.G. appears to have at least 4—dubbed ‘El Rojo’, ‘Mr.Shawji’, ‘S41T4M4’ & ‘Coffee’, researchers revealed.
The administrators conduct day-to-day advertising tasks as well as management of group operations & communication channels, researchers stated.
The hired contractors, or “mercenaries,” who conduct the nefarious activities of the group are the ‘lowest rung’ of the A.I.G. ladder.
This part of the group is a ‘revolving door’ of cyber-criminals who are hired to work only on a particular campaign based on their skills, researchers concluded.