A review of non-public data by a security vendor has confirmed previous reports linking Appin, an Indian cyberespionage firm [2], to incidents of cyber espionage and surveillance worldwide [1].


Appin [1] [2] [3], which operated covertly as a hack-for-hire organization, provided hacking services to clients globally [3]. Their clients were able to target high-profile individuals such as executives, politicians [1] [2] [3], military officials [1] [2], and wealthy elites [2]. The company was based in New Delhi and used an online portal called My Commando to sell its hacking abilities [3]. Although Appin no longer exists in its original form [1], its members continue to be active in spinoffs [1]. Reuters conducted an investigation [3], speaking to former Appin staff and hacking victims [3], and obtaining internal documents and case files from law enforcement investigations [3]. The victims of Appin and similar hacking companies founded by its alumni have included Russian oligarch Boris Berezovsky [3], Malaysian politician Mohamed Azmin Ali [3], targets of a Dominican digital tabloid [3], and a member of a Native American tribe involved in a casino development [3].


The activities of Appin and similar hacking companies have had significant impacts on individuals and organizations targeted by their services. The confirmation of their involvement in cyber espionage and surveillance highlights the need for increased cybersecurity measures to protect against such threats. Additionally, the continued activity of Appin’s members in spinoffs suggests the need for ongoing vigilance and investigation into these networks. The case of Appin serves as a reminder of the ever-present threat of cyber espionage and the importance of staying ahead of these malicious actors in the digital landscape.


[1] https://www.darkreading.com/attacks-breaches/hack-for-hire-group-sprawling-web-global-cyberattacks
[2] https://www.reuters.com/investigates/special-report/usa-hackers-appin/
[3] https://www.wired.com/story/indian-startup-hack-for-hire-security-roundup/