- Статьи
- Internet and technology
- Hacking to order: how businessmen hire hackers to fight their competitors
Hacking to order: how businessmen hire hackers to fight their competitors
The number of custom-made hacks of IT systems of Russian companies in the second quarter of 2025 increased by 26% compared to the same period last year, experts said. They attribute this trend to increased competition in the market, which pushes organizations to hire hackers to infiltrate competitors' infrastructure. For more information about how businessmen hire cybercriminals to fight competitors, what is the danger of such a practice and what responsibility threatens for it, read the Izvestia article
What is known about hiring hackers to fight business competitors
Alexander Dmitriev, CEO of Neuroinform, told Izvestia that the number of customized hacks of IT systems of Russian companies in the second quarter of 2025 increased by 26% compared to the same period last year. The firm's analysts attribute this trend to increased competition in the market, which pushes organizations to use unfair methods of fighting, including hiring hackers to infiltrate competitors' infrastructure.
Industries most affected by customized attacks (data from Neuroinform):
- Industrial enterprises — 34%;
- Financial organizations — 28%;
- IT companies — 16%;
- Educational institutions — 12%;
- Scientific institutions — 8%.
The main motivation for ordering hacking is the desire to gain a competitive advantage. Companies are trying to take over technological information, client databases, and disrupt the operational activities of other market players to lure their customers.
— Unscrupulous companies commit a "punch in the gut" by attracting hackers, as they allow them to quickly and relatively inexpensively gain access to valuable competitor information — technical documentation, source code, product launch plans, customer databases — and thereby bypass the long and expensive stages of their own development or marketing, as well as learn the company's strategy in advance. a competitor," Mikhail Spitsyn, an expert in the field of cybersecurity and an engineering analyst at Gazinformservice, says in an interview with Izvestia.
What operations can hackers be recruited for against business competitors?
Basically, competitors are interested in commercial information — the customer base, contracts and financial transactions, Ashot Oganesyan, founder of the DLBI data leak intelligence and monitoring service, says in an interview with Izvestia. Much less often, the target is software code or production secrets. Moreover, hackers can be used both to steal and to destroy such data. In the latter case, the activity of the attacked company will be paralyzed, which may also be the target of the attack.
— The shadow services market is anonymous: it is difficult to prove who exactly ordered the attack, so the risk for the initiator seems acceptable, — says Mikhail Spitsyn. Hacker groups easily adapt tactics to the customer's task: from direct hacking of a corporate network through a zero—day vulnerability or phishing mailing list to months-long introduction of a "mole" into a competitor's staff, sabotage of production systems, destruction or substitution of data, draining corporate correspondence for reputational damage and large-scale DDoS campaigns capable of paralyzing infrastructure at a critical moment — in particular, on the eve of the launch of a new product.
Alexandra Shmigirilova, GR Director of the Security Code Information Company, complements the two main areas that it is always beneficial to know about competitors — their customer base and their plans. At the same time, hacking customers may have individual requests, for example, to learn something about a specific contract, its terms, price, and discounts. According to the expert, it is always very important for businesses to know what new products competitors are preparing, what regulatory initiatives they are promoting, what they are negotiating with customers and what arguments they are using.
A business that has this information about its competitors will always be the first in its field, as, in fact, it is always one step ahead, notes Alexandra Shmigirilova. However, you can get such information either by buying the loyalty of a person in the right company, which is expensive (since it must be an employee who has access to the necessary information) and unreliable, or by contacting intruders.
What responsibility is there for ordering hacking of business competitors
For a party affected by a contract hack, the consequences can be multi-layered, says Mikhail Spitsyn. The financial damage is reflected in downtime, regulatory fines for personal data leaks, and lost transactions. By losing control of intellectual property, a company loses its technological advantage, and a copy product at a low price may enter the market before it does.
Knowing the specifics of a particular development of the affected company, a competitor can lobby for changes in legislation, such that new requirements simply will not allow the product to be legalized on the market, notes Alexandra Shmigirilova. Thus, there are a lot of opportunities to create problems or even eliminate or ruin competitors if the hacking customer has their complete internal information.
At the same time, Russian legislation classifies the organization or financing of hacking as a combination of a number of crimes. For unauthorized access to computer information (Article 272 of the Criminal Code of the Russian Federation) and the creation or use of malware (Article 273), up to five and four years in prison, respectively, are threatened; for illegally obtaining or disclosing trade secrets (Article 183 of the Criminal Code of the Russian Federation) — up to seven years, and from July 2025 the fines have been tripled, Mikhail notes Spitsyn.
In addition, the FAS regards such actions as unfair competition and may impose a fine of up to 15% of the annual turnover, and the affected company has the right to recover direct and lost damages in a civil procedure. As a result, the economic benefits of the attack easily turn into criminal and multimillion-dollar financial risks, the expert emphasizes.
How can companies protect themselves from being hacked by custom hackers
The number of sentences in criminal cases initiated under Part 3 of Article 272 ("Unlawful access to computer information") of the Criminal Code of the Russian Federation over the past decades has been estimated in units, since for this it is necessary to establish and prove the involvement of the entire chain — from the customer to the hacker, Ashot Oganesyan says in an interview with Izvestia. Therefore, it is very important for companies to be proactive in order to eliminate the very possibility of a customized hack.
— The most important thing is that you cannot skimp on business security tools, both physical and informational, — says Alexandra Shmigirilova. — This means that the company must have a separate budget for information protection, plans for the development and modernization of such protection.
As the expert notes, if a company is large, it usually has a separate solid security department. All the funds invested in information protection always pay off, so it is necessary to consider such activities as a priority.
At the same time, protective measures against cyber attacks should not be based solely on the risk of attacks from competitors, adds Grigory Filatov, head of information security at Linx Cloud. According to the expert, an integrated approach is needed, taking into account the specifics of the IT infrastructure, external available resources and remote access points. Proper selection and configuration of protective equipment significantly reduce the likelihood of a successful cyberattack.
— You need to understand that the probability of falling under a customized cyberattack is quite low against the background of the probability of being hacked due to un-updated software, incorrect network equipment settings or databases open on the Internet, — concludes Ashot Oganesyan. — And we need to fight all threats by closing vulnerabilities and building a comprehensive security system.
Переведено сервисом «Яндекс Переводчик»
