Cyber-espionage group BAHAMUT is involved in a “staggering” number of highly-sophisticated attacks against government officials and major industries alongside a range of disinformation campaigns, according to a new report from BlackBerry.
The tech firm said that the group’s motivation is primarily political, targeting high ranking government officials and industry titans in India, the Emirates and Saudi Arabia, as well as advocates of Sikh separatism or those support human rights causes in the Middle East.
The research indicates that the scope of the group’s activities is much wider than previously thought. This includes responsibility for over a dozen malicious applications in the Google Play store and the App Store. These had features many threat-actors neglect to add, enabling them to bypass Google and Apple safeguards. These are primarily well-designed websites, privacy policies and written terms of service.
Blackberry also believe BAHAMUT has access to at least one zero-day developer and has made use of zero-day exploits against numerous targets “reflecting a skill level well beyond most other known threat actor groups.” One of these targeted the word processing software InPage, whose users include nearly all the major newspapers in Pakistan and India.
BAHAMUT is also very active in spreading disinformation, according to the report, both to further certain political causes as well as to gain information on high value targets. It presides over a large number of fake entities, such as social media accounts, websites and applications that seek to “distort the readers’ perception of reality.”
Eric Milam, VP, research operations at BlackBerry commented: “The sophistication and sheer scope of malicious activity that our team was able to link to BAHAMUT is staggering. Not only is the group responsible for a variety of unsolved cases that have plagued researchers for years, but we also discovered that BAHAMUT is behind a number of extremely targeted and elaborate phishing and credential harvesting campaigns, hundreds of new Windows malware samples, use of zero-day exploits, anti-forensic/AV evasion tactics, and more.”
Milam added: “This is an unusual group in that their operational security is well above average, making them hard to pin down. They rely on malware as a last resort, are highly adept at phishing, tend to aim for mobile phones of specific individuals as a way into an organization, show an exceptional attention to detail and above all are patient – they have been known to watch their targets and wait for a year or more in some cases.”