Cybercrime gangs are recruiting like never before

Threat actors are looking for fresh blood, and are willing to pay big

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A number of leading cybercriminal groups have been observed recruiting new members at an alarming rate, new reports have warned.

Avast’s recent Q3/2022 Threat report found some threat actors have started hiring out of success, others for being pinned down by cybersecurity researchers.

The LockBit group, for example, known for itsransomwarevariant of the same name, was “very active this quarter”, the researchers said.

New projects

New projects

One of the ways Avast saw the group recruiting new members and affiliates was with a new bounty hunting program.

In late June 2022, LockBit released a new version of its encryptor, and to make sure it was airtight, offered $50,000 to whoever finds a vulnerability in the encryption of large database files. There were other bounties on offer, as well. For example, whoever finds out the name of the affiliate boss gets a million dollars.

There are also high payouts for weaknesses found in the encryption process, a vulnerability in LockBit’s website, or vulnerabilities in the TOX messenger or the TOR network.

Furthermore, it offered $1,000 to anyone who would tattoo the LockBit logo onto their body.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The NoName057(16) hacking group, which suffered a major blow after its main Bobik C2 server was taken down and its botnet stopped working, started recruiting for a new project in mid-August this year, the researchers further uncovered. Suspecting they need fresh blood to continue activeDDoSattacks, the researchers observed the threat actor open a new group dedicated to the DDDOSIA project. Late last month, the group counted more than 700 members.

Another record-breaking DDoS attack has been stopped>These Microsoft servers are helping fuel massive DDoS attacks>These are the best ransomware protection services right now

The project lets hackers download an identification binary, allowing them to launch DDoS attacks in exchange for cryptocurrency.

Besides LockBit and NoName057(16), Avast identified almost a dozen botnet operators who are currently actively looking for new members. These include the dreaded Emotet, and Ursnif, but also Phorpiex, Tofsee, MyloBot, Nitol, Dorkbot, MyKings, and Amadey.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

A new form of macOS malware is being used by devious North Korean hackers

Scammers are using fake copyright infringement claims to hack businesses

How to turn off Meta AI