Bahamut cybercrime group has a "fake news empire"
BlackBerry has released new research into the scope of the operations of what the company claims is the world’s largest cybercrime-for-hire group, Bahamut.
The research found that Bahamut is connected to a “staggering” number of ongoing attacks against government officials and companies.
The group has also deployed a vast array of sophisticated disinformation campaigns targeting particular NGOs and seeking to further certain causes.
Bahamut has built a “fake news empire” consisting of a large number of websites, applications and personas, BlackBerry said.
In one example highlighted in the report, Bahamut took over the domain of what was originally an information security news website and used it to push out misinformation focused on geopolitics, research and industry news about other hack-for-hire groups, published under a fake list of contributors assembled from the names and photos of real journalists.
In other cases, the fake news outlets were also accompanied by social media accounts and affiliate websites to present an additional veneer of legitimacy.
But the lack of any discernible pattern or unifying motive suggests that Bahamut is acting as hack-for-hire mercenaries, BlackBerry argued in its report. The group’s use of clustered targeting in South Asia and the Middle East lends further credence to this theory.
Meanwhile, Bahamut has successfully placed over a dozen malicious apps on the Google Play and iOS app stores, the research suggests.
These apps appeared to be intended for targets in the UAE as downloads were region-locked to the Emirates.
BlackBerry said its findings suggest that Bahamut has at least one zero-day developer in its ranks, and has been involved in sophisticated spear phishing and credential harvesting attacks that are accompanied by robust reconnaissance operations prior to an attack.
“The sophistication and sheer scope of malicious activity that our team was able to link to Bahamut is staggering,” BlackBerry VP of Research Operations Eric Milam commented.
“Not only is the group responsible for a variety of unsolved cases that have plagued researchers for years, but we also discovered that Bahamut is behind a number of extremely targeted and elaborate phishing and credential harvesting campaigns, hundreds of new Windows malware samples, use of zero-day exploits, anti-forensic/AV evasion tactics and more.”