Cyber-espionage group BAHAMUT is involved in a “staggering” number of highly sophisticated attacks against government officials and major industries alongside a range of disinformation campaigns, according to a new report from BlackBerry.
The tech firm said that the group’s motivation is primarily political, targeting high-ranking government officials and industry titans in India, the Emirates and Saudi Arabia, as well as advocates of Sikh separatism or those who support human rights causes in the Middle East.
The research indicates that the scope of the group’s activities is much wider than previously thought. This includes responsibility for over a dozen malicious applications in the Google Play store and the App Store. These had features many threat actors neglect to add, enabling them to bypass Google and Apple safeguards. These features are primarily well-designed websites, privacy policies and written terms of service.
BlackBerry also believes BAHAMUT has access to at least one zero-day developer and has made use of zero-day exploits against numerous targets “reflecting a skill level well beyond most other known threat actor groups.” One of these targeted the word processing software InPage, whose users include nearly all the major newspapers in Pakistan and India.
BAHAMUT is also very active in spreading disinformation, according to the report, both to further certain political causes and to gain information on high-value targets. It presides over a large number of fake entities, such as social media accounts, websites and applications that seek to “distort the readers’ perception of reality.”