Cyber Security Threat Summary:
For years, a group based in New Delhi called Appin conducted hacking operations globally, targeting various individuals and organizations for clients such as private investigators, government agencies, and corporations. Their operations were sophisticated at times, but also unrefined showcasing a brazen approach to hacking. This group served a diverse clientele spanning across countries like the US, UK, Israel, India, Switzerland, and more. One particularly alarming discovery was a platform known as “MyCommando” utilized by Appin’s clients to order specific hacking services. This platform presented a menu of options enabling the breach of emails, phones, and computers belonging to the targeted individuals or organizations. Despite Appin’s original form no longer existing, its former members continue their activities through various spinoffs, perpetuating the group’s legacy of cyber intrusion and surveillance.

Security Officer Comments:
Researchers discovered a past connection to Operation Hangover, a 2013 report delving into cyber threats aimed at the Norwegian telecom giant, Telenor, and other private firms. It highlighted strong links between the activities of the Appin organization and the observed cyber attacks during this campaign. Recent discoveries confirmed that the malware and infrastructure mentioned in Operation Hangover were indeed controlled by Appin. The investigation into the Indian hack-for-hire group, Appin, highlights the groups enduring threat to businesses, governments, and individuals for over a decade. Their consistent success in executing attacks for diverse clients demonstrates their persistence and capability.

Suggested Correction(s):
Indicators of Compromise have been published by researchers at SentinelLabs that can be used to detect the Hack-for-Hire Group:

https://www.sentinelone.com/labs/elephant-hunting-inside-an-indian-hack-for-hire-group/

Link(s):
https://www.darkreading.com/attacks-breaches/hack-for-hire-group-sprawling-web-global-cyberattacks