Black Hat Hackers Party

Updated: Oct 9, 2023

"The hacker mindset doesn't actually see

what happens on the other side, to the victim."

Kevin Mitnick

Black Hat Hacker Definition

"The hackers don't want to destroy the network. They want to keep it running, so they can keep making money from it."

Vinton Cerf

Black Hat Hackers are criminals who break into computer networks with malicious intent.

They may also release malware that destroys files, holds computers hostage, or steals passwords, credit card numbers, and other personal information.

Black hats are motivated by self-serving reasons, such as financial gain, revenge, or simply to spread havoc. Sometimes their motivation might be ideological, by targeting people they strongly disagree with.

What is a Black Hat Hacker?

"While the vast majority of hackers may be disinclined towards violence, it would only take a few to turn cyber terrorism into reality."

Dorothy Denning

BLACK HAT HACKERS OFTEN START as novice "script kiddies" using purchased hacker tools to exploit security lapses. Some are trained to hack by bosses eager to make money quickly.

The leading Black Hats tend to be skilled hackers who work for sophisticated criminal organizations which sometimes provide collaboration tools for their workers and offer service agreements to customers, just like legitimate businesses.

Black Hat malware kits sold on the dark web occasionally even include warranties and customer service.

"Hacking is not a competitive sport,

and security breaches are not a game!"

Paul J. Fishman

Black Hat Hackers often develop specialties, such as phishing or managing remote access tools. Many get their "jobs" through forums and other connections on the dark web.

Some develop and sell malicious software themselves, but others prefer to work through franchises or leasing arrangements – again, similar to the legitimate business world.

Hacking has become an integral intelligence-gathering tool for governments, but it's more common for Black Hat Hackers to work alone or with organized crime organizations for easy money.

How Black Hat Hackers Work

"To see a hacker actually hacking is not the most interesting thing visually, and it's pretty boring as an actor: a hacker taps on her keyboard.

There's really not much more than that."

Finn Wolfhard

Hacking can operate like big business, the scale of which makes it easy to distribute malicious software. Organizations boast partners, resellers, vendors, and associates, and they buy and sell licenses for malware to other criminal organizations for use in new regions or markets.

Some Black Hat organizations even have call centers, which they use to make outbound calls, pretending to work for a well-known technology organization such as Microsoft.

In this scam, the hacker tries to convince potential victims to allow remote access to their computers or download software.

By granting access or downloading the recommended software, the victim inadvertently enables criminals to harvest passwords and banking information or surreptitiously take over the computer and use it to launch attacks on others.

To add further insult, the victim is typically charged an exorbitant fee for this "help."

"Cyber-terrorism could be defined as the use of computing resources to intimidate or coerce others. Cyber terrorism could be hacking into a hospital computer system and changing someone's medicine

prescription to a lethal dosage as an act of revenge."

Jimmy Sproles + Will Byars

Other hacks are swift and automated and don't involve human contact. In these cases, Attack Bots roam the internet to find unprotected computers to infiltrate, often through phishing, malware attachments, or links to compromised websites.

Black Hat Hacking is a global problem, which makes it extremely difficult to stop.

The challenges for law enforcement are that hackers often leave little evidence, use the computers of unsuspecting victims, and cross multiple jurisdictions.

Although authorities sometimes succeed in shutting down a hacking site in one country, the same operation may run elsewhere, allowing the group to keep going.

REVERSING THEIR REVERSALS

TURNING IT 'ROUND - REVERSING THEIR REVERSALS

Who's Hacking the Hackers: No Honor Among Thieves?

By Cybereason Nocturnus

Research by Amit Serper

INTRODUCTION

Cybereason Nocturnus is investigating a campaign where attackers are trojanizing multiple hacking tools with njRat, a well known RAT. The campaign ultimately gives attackers total access to the target machine.

The threat actors behind this campaign are posting malware embedded inside various hacking tools and cracks for those tools on several websites.

Once the files are downloaded and opened, the attackers are able to completely take over the victim’s machine. In this write-up we present our analysis of the TTPs of the attackers and the indicators of compromise.

In the investigation of this campaign, we have found hundreds of trojanized files and a lot of information about the threat actors infrastructure.

When a CAT turns out to be a RAT

Three of the alleged Cat-Rat hybrids found in a house in Lethabong, Rustenburg, in northwestern South Africa in early 2017. As is often the case with strange hybrids, these animals were killed

by individuals who were shocked at their appearance.

KEY POINTS

Widespread Campaign: We have found a widespread hacking campaign that uses the njRat trojan to hijack the victim’s machine, giving the threat actors complete access that can be used for anything from conducting DDoS attacks to stealing sensitive data.

Baiting Hackers: The malware is spreading by turning various hacking tools and other installers into trojans. The threat actors are posting the maliciously modified files on various forums and websites to bait other hackers.

Using Vulnerable WordPress Websites: The threat actors are hacking vulnerable WordPress installations to host their malicious njRat payloads.

A “Malware Factory”: It seems as if the threat actors behind this campaign are building new iterations of their hacking tools on a daily basis.

MALWARE ANALYSIS

While reviewing some detection data last week, we stumbled on a new detection of njRat in one of the environments we are monitoring.

njRat is popular in the Middle East and gives its operators the ability to hijack the victim’s machine for keylogging, taking screenshots, file manipulation and exfiltration, webcam and microphone recording.

For the rest of this article and more information on these great guys - the good guys - who hack the hackers,

see link in SOURCE section

at end of this article.