BAHAMUT APT Description
Advanced Persistent Threat (APT) actors do not always pursue their own interests. They often rent out their services to customers willing to pay for professional hacking, espionage, and data theft. Needless to say, high-profile threat actors do not work with average clients: their customers often ask them to penetrate the network defenses of high-value targets such as government entities, political organizations and various important people or companies. The BAHAMUT APT is a newly spotted group engaging in such behavior, and, so far, the majority of its attacks are concentrated in the Middle East and Southern Asia.
The BAHAMUT APT Goes after Android, iOS and Windows Systems
The iOS and Android implants that the BAHAMUT APT uses can search for specific files and transfer them to a remote server. They can also read and use the text messaging application, view call logs and contacts, gather device information and record audio/video. The backdoor implants can be updated and reconfigured. The applications were usually themed according to the profile of their targets: security experts spotted BAHAMUT APT applications themed around Ramadan, as well as applications that were exclusive to the United Arab Emirates.
The BAHAMUT Hackers Engage in Disinformation Campaigns
One of the strange things about the BAHAMUT APT is its engagement in disinformation and its use of fake news websites. The group allegedly sets up fake personas and websites that pose as legitimate news networks or blogs. Furthermore, it has also been spotted taking over old and defunct Web pages that used to be credible blogs. Of course, the websites were reworked according to the group's needs.
BAHAMUT may be Working for Wealthy Customers
Security experts have several reasons to consider the BAHAMUT APT a hacker-for-hire group. First of all, the group is very careful with the configuration and usage of its network infrastructure. For example, its servers are usually meant to work with just one malware family, and the group avoids using the same infrastructure for more than one malware campaign. The group also makes sure that its infrastructure is not hosted on just a few service providers: allegedly, its servers are spread over 50 separate providers around the entire world. Needless to say, running a campaign of this scale without reusing network infrastructure is very time-consuming and expensive.
The high price of this infrastructure is not the only proof that the BAHAMUT APT is being sponsored by someone. In such cases, experts usually suspect a state-sponsored actor, but the BAHAMUT APT does not appear to attack a specific set of political targets. Instead, its campaigns are all over the place. Its hacking attempts have targeted individuals and companies on all ends of the political spectrum, which is unusual for a state-sponsored threat actor.