'Bahamut' Threat Group Targets Government & Industry in Middle East

Researchers say the cyber espionage group was involved in several attacks against government officials and businesses in the Middle East and South Asia.

A hack-for-hire cyberespionage group named Bahamut is involved in advanced attacks against government officials and organizations, using sophisticated credential harvesting and phishing campaigns, new Windows malware samples, zero-day exploits, and other techniques.


BlackBerry researchers who have been tracking Bahamut say the group is politically motivated and has a wide range of targets. The group has historically targeted people and entities in South Asia, particularly India and Pakistan, as well as the Middle East, primarily the UAE and Qatar. Its interests remain concentrated in South Asia and the Persian Gulf, researchers report.


In its latest writeup, the BlackBerry team builds on research published in 2018 that references a group called "The White Company," explains vice president of research operations Eric Milam. Through this, they were able to connect more dots and add previous findings from other researchers who have tracked the group's activity. Bahamut, named by researchers with open source intelligence site Bellingcat, has also been called "Ehdevel," "Windshift," and "Urpage."


Despite its range of targets and attacks, a lack of discernible pattern or unifying motive leads researchers to believe Bahamut is likely acting as hack-for-hire operators. They believe the group has access to one zero-day developer and has leveraged zero-day exploits against multiple targets, "reflecting a skill-level well beyond most other known threat actor groups," researchers state in their report.


"Bahamut executed highly disparate targeting across a number of verticals and geographic regions, [which] suggests a mercenary, hack-for-hire group acting in the interest of multiple sponsors," says Milam. The varied nature of its activity indicates the ..
