Security firm BlackBerry exposed the hacker group's sophisticated operations using fake social media accounts and websites as well as mobile apps to collect personal information and spread Android malware in the Middle East, India, and Southeast Asia.
The security firm BlackBerry describes in its lengthy report the hacker-for-hire group's "vast fake empire" of websites, malicious mobile apps, and false social media accounts. These are designed to monitor and steal credentials of their targets, which include government officials, business leaders, and even activists in India and the Middle East.
Hacker-for-Hire's Operations are 'Staggering'
BlackBerry VP of Research Operations Eric Milam called the scope of Bahamut's operations "staggering." The group was first identified in 2017 by Bellingcat investigative journalists, who connected Bahamut to five years of cyber espionage in Southeast Asia and the Persian Gulf.
"This is an unusual group in that their operational security is well above average, making them hard to pin down," Milam said. The security firm compared research from several other security companies, including Trend Micro, Symantec, and Kaspersky, with its own recent findings on the hacker-for-hire organization.
Milam also noted that the group is responsible for numerous unsolved cases that researchers have been working on for years, as well as various credential-harvesting campaigns, elaborate and extremely targeted phishing, zero-day exploits, numerous new Windows malware samples, and anti-forensic and anti-virus evasion tactics.
Hacker-for-hire: Bahamut's sophisticated operations
Bahamut has been known to patiently observe its targets for a year or more before executing its highly intricate attacks. This patience hampers security researchers' efforts to determine the group's intentions behind its actions.
Aside from their exceptional patience, Milam noted that the group is an expert at phishing, displays remarkable attention to detail, and targets specific individuals to get into an organization.
The group has reportedly targeted people interested in a Sikh separatist movement by employing legitimate-looking websites filled with Sikh separatist content. BlackBerry found that some of these websites were used to spread Android malware or collect personal data.
Despite its ability to develop sophisticated malware and deployment attacks, which involve malicious apps on the Apple App Store and Google Play as well as zero-day Windows exploits, Bahamut treats malware as a last resort.
BlackBerry was also able to pinpoint why the hacker-for-hire group targeted the tech news website Techsprouts. The site was updated periodically by a 'team' of content writers whose profile pictures were taken from other online sources, but BlackBerry noted that it did not host any malicious content.
One possible reason for the group's "seemingly harmless actions" is that it runs benign websites and email campaigns to better understand its targets' online habits before it delivers full phishing and malware attacks.
While BlackBerry did not confirm Bahamut hackers' relation to any nation or state, it has concluded that it seems like "a mercenary group offering hack-for-hire services to a wide range of clients".
Previously, Bahamut was connected to operations involving information collection on a European human rights group, an Iranian women's rights organization, and government officials in Iran and Turkey.
This is owned by Tech Times
Written by CJ Robles