The New Yorker:

The country has developed a lucrative specialty: cyberattacks for hire

By David D. Kirkpatrick

In the summer of 2020, Jonas Rey, a private investigator in Geneva, got a call from a client with a hunch. The client, the British law firm Burlingtons, represented an Iranian-born American entrepreneur, Farhad Azima, who believed that someone had hacked his e-mail account. Azima had recently helped expose sanctions-busting by Iran, so Iranian hackers were likely suspects. But the Citizen Lab, a research center at the University of Toronto, had just released a report concluding “with high confidence” that scores of cyberattacks on journalists, environmentalists, and financiers had been orchestrated by BellTroX, a company, based in New Delhi, that was running a giant hacking-for-hire enterprise. The operation had targeted numerous Americans. Burlingtons wondered: could Rey try to find out if Azima had been another BellTroX victim? He said yes.

Researchers at Citizen Lab had learned of BellTroX’s activities from someone that the company had tried to trick with “spear phishing”—sending a bogus message to trick a recipient into providing access to personal data. Citizen Lab spent three years investigating BellTroX, including by analyzing Web sites used to shorten and disguise phishing links, combing through social-media accounts of BellTroX’s employees, and contacting victims. Reuters, in coördination with Citizen Lab, published an exposé on BellTroX the same day as the report. But BellTroX’s owner denied any wrongdoing, the Indian authorities never publicly responded to the allegations, and the accusations remained unconfirmed.
