
The cyber-espionage group Bahamut is involved in highly sophisticated attacks against government officials and industries in the Middle East and South Asia.

BlackBerry researchers found that the highly resourced group is running a wide range of espionage and disinformation campaigns.

“BAHAMUT is behind a number of extremely targeted and elaborate phishing and credential-harvesting campaigns, hundreds of new Windows malware samples, use of zero-day exploits, anti-forensic/AV evasion tactics, and more,” said Eric Milam, vice president of research operations at BlackBerry, in a report.

The group plans its attacks for each target according to the victim’s communication medium and operating system. The techniques used depend on who it is trying to phish.

The report indicates that the scope of the group’s activities is much broader, with dozens of malicious applications in the App Store and the Google Play store designed for general audiences. The applications were well designed, with websites, privacy policies and written terms of service, which helped them bypass the safeguards of both Google and Apple.

Bahamut spreads disinformation and runs a large number of fake entities, such as websites, social media accounts, and applications, that seek to “distort the reader’s awareness of reality.”

Researchers found that the apps they investigated were aimed at targets in the UAE, as their downloads were restricted to the Emirates. Further, Ramadan-themed applications, as well as those invoking the Sikh separatist movement, indicate an intent to target political and religious groups.

The group has targeted people and entities in South Asia, particularly India and Pakistan, as well as the Middle East, primarily the UAE and Qatar. Researchers reported that its interests lie in South Asia and the Persian Gulf. In the Middle East, Bahamut targeted businesses and individuals, and most of its attacks are aimed at the government.

In Saudi Arabia, it targeted seven different ministries and other agencies. It also targeted the Emirates, Bahrain, Qatar and Kuwait, with an emphasis on foreign policy and defence.

“They rely on malware as a last resort, are highly adept at phishing, tend to aim for mobile phones of specific individuals as a way into an organization, show an exceptional attention to detail and above all are patient – they have been known to watch their targets and wait for a year or more in some cases,” Milam added.
