Attack attribution is among the most difficult aspects of malware analysis, and it isn't unusual for different security companies to attribute attack campaigns to different threat actors, only to discover later that they were the work of the same group. However, a new paper by researchers at BlackBerry stands out by exposing an elusive group dubbed Bahamut as responsible for a sprawling web of carefully constructed and executed phishing and malware attacks.

The group's hacking activities trace back to at least 2016 and involve malware for Windows, macOS, iOS and Android. They have impacted a diverse range of individuals, including government officials, separatists and human rights activists from several countries. Some of the group's campaigns were documented by various researchers or security companies over the years, but they were either left unattributed or attributed to threat actors under different names.

"Over the years, researchers at several other organizations including Amnesty International, Kaspersky, Trend Micro, Cymmetria, DarkMatter, ESET, Norman, Antiy, Forcepoint, Symantec, Palo Alto, Fortinet, 4Hou, Bitdefender, Cisco Talos, Microsoft, Qianxin, and others gave us a different view of Bahamut, often under different names," the BlackBerry researchers said in their paper. "Many speculated openly about what it was they were analyzing and where the group's unique features might lead them."

According to BlackBerry's analysis, Bahamut, which was named by researchers writing for the open-source intelligence website Bellingcat in 2017, is the same group described in earlier research by different companies as EHDEVEL, Windshift, URPAGE and The White Company, as well as the actor responsible for the campaigns described by Kaspersky Lab in 2016 in its research on the InPage zero-day vulnerability, Cisco Talos' research on malicious MDM, and the research from Qianxin on the attack against Pakistan.

What is Bahamut and how does it operate?

Based on the group's varied and carefully segmented attack campaigns, which target both high-value individuals and larger groups of people across different regions with different geopolitical interests, the BlackBerry researchers believe it is plausible that Bahamut is a mercenary group that sells its services to different clients. This idea was first proposed in 2017 by the researchers writing for Bellingcat.

Hacker-for-hire groups that use APT-style techniques have become a common element of the threat landscape in recent years, challenging the threat models of many businesses. However, Bahamut stands apart even among cyberespionage groups through its attention to detail, its operational security and the considerable effort it spends learning the habits of its targets.

Copyright © 2020 IDG Communications, Inc.
