Hack-for-hire group under federal investigation targeted politicians, environmental groups and financial companies

Thousands of individuals and hundreds of institutions on six continents have been targeted by hacking groups since 2013, according to Citizen Lab, an Internet monitoring group based at the University of Toronto.

The group, which Citizen Lab calls "Dark Basin," often appears to use spear-phishing emails to launch a variety of attacks against advocacy groups, journalists, government officials, politicians, judges, lawyers, hedge funds, and corporations.

John Scott-Railton, a co-author of the study, told Reuters, "This is one of the largest espionage operations ever uncovered."

A parallel investigation by NortonLifeLock, which calls the hacking group "Amanda the Mercenary," reached the same conclusion.

According to NortonLifeLock, more than half of the targeted entities were located in the United States, and about one-third of the organizations and individuals targeted worldwide were in the financial sector. Other targets included law firms in the U.S., Europe, and Israel, and a U.S. political consulting firm.

According to the New York Times, federal prosecutors in Manhattan have already interviewed the environmental groups that received the phishing emails. As part of an ongoing federal investigation, an Israeli private investigator was arrested and indicted last year.

According to the Financial Times, Citizen Lab researchers, who were contacted by targeted journalists in 2017, found some 28,000 custom URLs that directed recipients to credential-phishing websites operated by Dark Basin. Some of the targeted journalists worked for Reuters, the Financial Times reported.

According to researchers at Citizen Lab, Dark Basin targeted a wide range of U.S. nonprofit organizations, including one working on a campaign claiming that ExxonMobil withheld information about climate change for decades.

About 9% of the targeted organizations campaigned on important issues such as climate change, the environment, and net neutrality.

Targeted organizations included the Rockefeller Family Fund, Center for Climate Research, Greenpeace, International Environmental Law Center, Oil Change International, Public Citizen, Conservation Law Foundation, Union of Concerned Scientists, M+R Strategic Services, 350.org, and others.

Spear phishing campaigns against two groups campaigning for net neutrality, Free Press and Fight for the Future, were documented in a 2017 report by the Electronic Frontier Foundation.

According to Reuters, other targeted groups included private equity giant KKR and Muddy Waters Research, a stock fraud research firm and short seller.

"We initially thought Dark Basin might be state-sponsored, but it quickly became clear from the scope of the targeting that Dark Basin was more likely a hack-for-hire operation. Dark Basin's targets were often only one side of a pending legal proceeding, advocacy issue, or business transaction."

Citizen Lab believes Dark Basin is associated with a New Delhi company called BellTroX InfoTech Services and an affiliate of BellTroX, which advertised itself as offering "ethical hacking."

The researchers assert: "We link Dark Basin's activities with individuals working for an Indian company called BellTroX InfoTech Services (also known as BellTroX D|G|TAL Security, and possibly other names) with a high degree of trust." The director of BellTroX, Sumit Gupta, was indicted in California in 2015 for his involvement in a similar hacking-for-hire scheme.

Gupta, who remains at liberty in India, told Reuters that he had done nothing wrong. As of this writing, the BellTroX website has been taken down by its hosting provider, but an archived version of the site can be found in the Internet Archive's Wayback Machine.

The watchdog group explained that hundreds of timestamps in the phishing emails matched working hours in the Indian UTC+5:30 time zone, and that the names of some of the group's URL-shortening services included Indian references.
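The working-hours heuristic mentioned above can be made concrete: convert each email's send time into several candidate time zones and score how many sends fall on a weekday between 09:00 and 18:00 local time. The following Python is an added illustration, not code from Citizen Lab or the article; the Date headers, the candidate zones and the 09:00-18:00 window are constructed assumptions.

```python
# Added example (not from the report); the Date headers below are constructed, not real evidence.
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

WORK_START, WORK_END = 9, 18   # assumed 09:00-18:00 local working window

# Constructed "Date:" headers, as they would be pulled from phishing email metadata.
SAMPLE_DATES = [
    "Mon, 04 Mar 2019 04:12:00 +0000",   # 09:42 in UTC+05:30
    "Tue, 05 Mar 2019 10:30:00 +0000",   # 16:00 in UTC+05:30
    "Wed, 06 Mar 2019 12:05:00 +0000",   # 17:35 in UTC+05:30
    "Thu, 07 Mar 2019 06:45:00 +0000",   # 12:15 in UTC+05:30
    "Fri, 08 Mar 2019 14:00:00 -0500",   # 19:00 UTC, already Saturday 00:30 in UTC+05:30
    "Sat, 09 Mar 2019 05:00:00 +0000",   # weekend in every candidate zone
    "not a parseable date header",       # malformed header that must be skipped, not counted
]

CANDIDATE_OFFSETS = {                    # assumed set of zones an analyst might compare
    "UTC-05:00": timedelta(hours=-5),
    "UTC+00:00": timedelta(0),
    "UTC+03:00": timedelta(hours=3),
    "UTC+05:30": timedelta(hours=5, minutes=30),
    "UTC+08:00": timedelta(hours=8),
}

def parse_dates(headers):
    """Parse RFC 2822 Date headers into timezone-aware datetimes; skip malformed ones."""
    out = []
    for h in headers:
        try:
            dt = parsedate_to_datetime(h)
        except (TypeError, ValueError):   # Python versions differ in which error they raise
            continue
        if dt.tzinfo is None:             # a "-0000" offset yields a naive value; treat as UTC
            dt = dt.replace(tzinfo=timezone.utc)
        out.append(dt)
    return out

def working_hours_hits(dts, tz):
    """Count sends landing on a weekday between WORK_START and WORK_END in zone tz."""
    local = [dt.astimezone(tz) for dt in dts]
    return sum(1 for l in local if l.weekday() < 5 and WORK_START <= l.hour < WORK_END)

def rank_offsets(headers, candidates=CANDIDATE_OFFSETS):
    """Return (zone, hits, total) per candidate zone, best-fitting zone first."""
    dts = parse_dates(headers)
    scores = [(name, working_hours_hits(dts, timezone(off)), len(dts))
              for name, off in candidates.items()]
    return sorted(scores, key=lambda s: s[1], reverse=True)
```

With the constructed sample, UTC+05:30 scores 4 of 6 valid sends inside working hours while every other candidate scores 3 or fewer; on real data the signal comes from hundreds of messages, and a single zone winning by a wide margin is corroborating evidence, not proof on its own.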

A San Diego-based private investigator told Reuters that former BellTroX employees had offered services described as "data intrusion" and "email intrusion." Two unnamed former BellTroX employees told Reuters that the company was often used by private investigators hired by corporations and politicians to probe the inner workings of their rivals.
