A recent report exposed Hack-for-Hire group, BAHAMUT, for undermining numerous political causes and disruptions among NGOs. The report links “the cyberespionage threat group to a staggering number of ongoing attacks against government officials and industry titans.” Before the report was published, trusted partners strived to “notify as many of the individual, governmental and corporate/nonprofit targets.”
BAHAMUT is a hacking group known for its patience in developing wide-ranging disinformation attacks and large-scale threats against governmental agencies, private industry, and nonprofits. Eric Milam, VP, Research Operations at BlackBerry, shares that “the sophistication and sheer scope of malicious activity that our team was able to link to BAHAMUT is staggering.” They are able to design extensive attacks with the goal of either gathering information or disseminating disinformation. Milam shared in the report his insight on how BAHAMUT are “highly adept at phishing, tend to aim for mobile phones of specific individuals as a way into an organization, show an exceptional attention to detail and above all are patient – they have been known to watch their targets and wait for a year or more in some cases,” while relying on malware as a last resort.
Another way the group gains information is through “applications in the Google Play and the Apple iOS App Stores” to target mobile devices. Based on configuration and unique network service fingerprints, the report uncovered “nine malicious iOS applications available in the Apple App Store and an assortment of Android applications that are directly attributable to BAHAMUT.” The hacking group even went to the extent of crafting privacy policies and written terms of service in order to “bypass safeguards put in place by both Google and Apple.” Since these applications were only available in the UAE, the report claimed that BAHAMUT intended for their targets to be specific religious and political groups.
In addition to these new discoveries, the report revealed that the group is “responsible for a variety of unsolved cases that have plagued researchers for years.” BAHAMUT specifically targets the mobile phone industry and its ability to connect people globally which allows a quick spread of false information to a large scope of individuals. It is vital to verify information through multiple sources, as well as, what applications and information sharing you are allowing on your smart devices.
Click here to read the full report.