Security experts from BlackBerry uncovered the cyber espionage group dubbed “BAHAMUT” targeting several government officials and major industries via various disinformation campaigns. In its research “BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps,” BlackBerry found that the BAHAMUT group uses various attack vectors ranging from fake news campaigns, fraudulent social media personalities, to the development of entire news websites built to include disinformation.
BlackBerry’s research and intelligence team stated that the BAHAMUT group primarily targets human rights groups, influencers, high ranked government officials, and businesses in India, the Emirates, and Saudi Arabia.
- BAHAMUT actors use original, carefully crafted websites, applications, and personas to spread fake content focused on geopolitics, research, industry news about other hack-for-hire groups.
- Nine malicious iOS applications in the Apple App Store are said to be linked to the BAHAMUT group.
- Use of phishing and credential harvesting is aimed at very precise targets; concerted and robust reconnaissance operations are conducted on targets before the attack.
- Clustered targeting in South Asia and the Middle East lends credence to a “hacker for hire” operation.
- A range of tools, tactics and targets suggests the group is well-funded, well-resourced, and well-versed in security research.
Eric Milam, VP, Research Operations at BlackBerry, said, “The sophistication and sheer scope of malicious activity that our team was able to link to BAHAMUT is staggering. Not only is the group responsible for a variety of unsolved cases that have plagued researchers for years, but we also discovered that BAHAMUT is behind a number of extremely targeted and elaborate phishing and credential harvesting campaigns, hundreds of new Windows malware samples, use of zero-day exploits, anti-forensic/AV evasion tactics, and more.”
“This is an unusual group in that their operational security is well above average, making them hard to pin down. They rely on malware as a last resort, are highly adept at phishing, tend to aim for mobile phones of specific individuals as a way into an organization, show an exceptional attention to detail and above all are patient – they have been known to watch their targets and wait for a year or more in some cases,” Milam added.