ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

Other threat group: Dark Basin

Names: Dark Basin (Citizen Lab), Mercenary.Amanda (NortonLifeLock)
Country: India
Sponsor: BellTroX InfoTech Services
Motivation: Information theft and espionage
First seen: 2013
Description: (Citizen Lab) We give the name Dark Basin to a hack-for-hire organization that has targeted thousands of individuals and organizations on six continents, including senior politicians, government prosecutors, CEOs, journalists, and human rights defenders. With high confidence, we link Dark Basin to BellTroX InfoTech Services (“BellTroX”), an India-based technology company.

Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities.
Observed sectors: Financial, Government, Manufacturing, Media, NGOs, Non-profit organizations and journalists, law and consulting firms.
Observed countries: Austria, Belgium, Brazil, Canada, Cyprus, Czech, France, Germany, Iceland, India, Israel, Italy, Kenya, Mexico, Nigeria, Norway, Russia, South Korea, Sweden, Switzerland, UK, Ukraine, USA.
Tools used:
Information: <https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/>
<https://www.nortonlifelock.com/blogs/security-response/mercenary-amanda-professional-hackers-hire>
AlienVault OTX: <https://otx.alienvault.com/browse/pulses?q=tag:BellTroX>

Last change to this card: 27 August 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
