
BAHAMUT APT

Posted: October 12, 2020

Advanced Persistent Threat (APT) actors do not always pursue their own interests. They often rent out their services to customers who are willing to pay for professional hacking, espionage, and data theft. Needless to say, high-profile threat actors do not work with average clients: their customers typically ask them to penetrate the network defenses of high-value targets such as government entities, political organizations, and various important people or companies. The BAHAMUT APT is a newly spotted group engaging in exactly this kind of work, and, so far, the majority of its attacks are concentrated in the Middle East and Southern Asia.

The BAHAMUT APT Goes after Android, iOS and Windows Systems

The hackers from BAHAMUT appear to have a very rich and flexible arsenal of vulnerabilities, implants, and strategies. The majority of their malware is Windows-compatible, but some of their recent operations also include implants for iOS and Android. What makes the BAHAMUT APT stand out in this department is that the fake software they use to push mobile malware is incredibly well-made: the group has made an effort to set up websites with End User License Agreements (EULAs), Privacy Policy sections, and everything else you would expect to see from a legitimate software publisher. This not only gains the trust of their victims but also helps them bypass the verification methods used by the Google Play Store.

The iOS and Android implants that the BAHAMUT APT uses can search for specific files and transfer them to a remote server. They can also read and use the text messaging application, view call logs and contacts, gather device information, and record audio/video. The backdoor implants can be updated and reconfigured remotely. The applications were usually themed according to the profile of their targets: security experts spotted BAHAMUT APT applications themed around Ramadan, as well as applications that were exclusive to the United Arab Emirates.

The BAHAMUT Hackers Engage in Disinformation Campaigns

One of the strange things about the BAHAMUT APT is its engagement in disinformation and its use of fake news websites. The group allegedly sets up fake personas and websites that pose as legitimate news networks or blogs. Furthermore, it has also been spotted taking over old and defunct Web pages that used to be credible blogs. Of course, those websites were reworked according to the group's needs.

BAHAMUT may be Working for Wealthy Customers

Security experts consider the BAHAMUT APT to be a hacker-for-hire group for several reasons. First of all, the group is very careful with the configuration and usage of its network infrastructure. For example, its servers are usually dedicated to just one malware family, and the group avoids using the same infrastructure for more than one malware campaign. The group also makes sure that its infrastructure is not hosted with just a few service providers: allegedly, its servers are spread over 50 separate providers around the world. Needless to say, running a campaign of this scale without reusing network infrastructure is very time-consuming and expensive.

The high cost of its infrastructure is not the only evidence that the BAHAMUT APT is being sponsored by someone. Usually, experts would suspect a state-sponsored actor in such cases, but the BAHAMUT APT does not appear to attack a specific set of political targets. Instead, its campaigns are all over the place. Its hacking attempts have targeted individuals and companies on all ends of the political spectrum, which is unusual for a state-sponsored threat actor.
