Cybercrime gangs are recruiting like never before

(Image credit: Milan_Jovic)

A number of leading cybercriminal groups have been observed recruiting new members at an alarming rate, new reports have warned.

Avast’s recent Q3/2022 Threat report found some threat actors have started hiring out of success, others for being pinned down by cybersecurity researchers.

The LockBit group, for example, known for its ransomware variant of the same name, was “very active this quarter”, the researchers said.

New projects

One of the ways Avast saw the group recruiting new members and affiliates was with a new bounty hunting program. 

In late June 2022, LockBit released a new version of its encryptor, and to make sure it was airtight, offered $50,000 to whoever finds a vulnerability in the encryption of large database files. There were other bounties on offer, as well. For example, whoever finds out the name of the affiliate boss gets a million dollars. 

There are also high payouts for weaknesses found in the encryption process, a vulnerability in LockBit’s website, or vulnerabilities in the TOX messenger or the TOR network.

Furthermore, it offered $1,000 to anyone who would tattoo the LockBit logo onto their body.

The NoName057(16) hacking group, which suffered a major blow after its main Bobik C2 server was taken down and its botnet stopped working, started recruiting for a new project in mid-August this year, the researchers further uncovered. Suspecting they need fresh blood to continue active DDoS attacks, the researchers observed the threat actor open a new group dedicated to the DDDOSIA project. Late last month, the group counted more than 700 members. 

The project lets hackers download an identification binary, allowing them to launch DDoS attacks in exchange for cryptocurrency. 

Besides LockBit and NoName057(16), Avast identified almost a dozen botnet operators who are currently actively looking for new members. These include the dreaded Emotet, and Ursnif, but also Phorpiex, Tofsee, MyloBot, Nitol, Dorkbot, MyKings, and Amadey.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.