Security researchers from Citizen Lab, a think tank based out of the University of Toronto, have linked several corporate espionage cyber attacks to a cybersecurity company in India. The company is said to be run by a man wanted by the FBI.

Citizen Lab’s researchers have been investigating a criminal ‘hack for hire’ operation that primarily uses phishing attacks engineered to provide attackers with remote access to a victim’s system. The operation is alleged to have targeted people across the world, from climate change activists to government officials. The researchers at Citizen Lab have named this criminal service “Dark Basin”.

In their report Citizen Lab says “We give the name Dark Basin to a hack-for-hire organization that has targeted thousands of individuals and organizations on six continents, including senior politicians, government prosecutors, CEOs, journalists, and human rights defenders. With high confidence, we link Dark Basin to BellTroX InfoTech Services (“BellTroX”), an India-based technology company.”

The report goes on to explain that additional reports will be released providing more details about Dark Basin’s activities and who they are targeting.

Based out of New Delhi, BellTroX was established in 2011 and, according to its company LinkedIn page, is a “transcription and digital dictation provider for numerous hospitals, clinics, expert witnesses, independent practitioners and commercial organizations”.

The director of BellTroX, Sumit Gupta, has previously been charged by the California federal court with participating in a criminal hacking scheme. Along with four others, Gupta was charged “with crimes related to a conspiracy to access the email accounts, Skype accounts, and computers” belonging to several clients of two private investigators. Those private investigators were among the individuals charged alongside Gupta, who is described in the indictment as having been hired by the PIs to access information and accounts without the individual’s authorisation.

Citizen Lab says that the attacks ascribed to Dark Basin share many of the same details as the allegations made against Gupta in the California indictment.