Posted: October 12, 2020

BAHAMUT APT Description

Advanced Persistent Threat (APT) actors do not always pursue their own interests. They often rent out their services to customers who are willing to pay for professional hacking, espionage, and data theft. Needless to say, high-profile threat actors do not work with average clients: their customers typically ask them to penetrate the network defenses of high-value targets such as government entities, political organizations, and prominent individuals or companies. The BAHAMUT APT is a newly spotted group engaging in such behavior, and, so far, the majority of their attacks are concentrated in the Middle East and Southern Asia.

The BAHAMUT APT Goes after Android, iOS and Windows Systems

The hackers from BAHAMUT appear to have a very rich and flexible arsenal of vulnerabilities, implants and strategies. The majority of their malware is Windows-compatible, but some of their recent operations also include implants for iOS and Android. What makes the BAHAMUT APT stand out in this department is that the fake software they use to push mobile malware is incredibly well made: the group has made an effort to set up websites with End User License Agreements (EULAs), Privacy Policy sections, and anything else you'd expect to see from a legitimate software publisher. This not only gains the trust of their victims but also helps them bypass the verification methods used by the Google Play Store.

The iOS and Android implants that the BAHAMUT APT uses can search for specific files and transfer them to a remote server. They can also read and use the text messaging application, view call logs and contacts, gather device information, and record audio and video. The backdoor implants can be updated and reconfigured. The applications were usually themed according to the profile of their targets: security experts spotted BAHAMUT APT applications themed around Ramadan, as well as applications that were exclusive to the United Arab Emirates.

The BAHAMUT Hackers Engage in Disinformation Campaigns

One of the strange things about the BAHAMUT APT is its engagement in disinformation and its use of fake news websites. The group allegedly sets up fake personas and websites that pose as legitimate news networks or blogs. Furthermore, they have also been spotted taking over old and defunct Web pages that used to be credible blogs. Of course, the websites were reworked according to the group's needs.

BAHAMUT may be Working for Wealthy Customers

Security experts have several reasons to consider the BAHAMUT APT a hacker-for-hire group. First of all, the group is very careful with the configuration and usage of its network infrastructure. For example, its servers are usually meant to work with just one malware family, and they avoid using the same infrastructure for more than one malware campaign. The group also makes sure that their infrastructure is not hosted on just a few service providers; allegedly, their servers are spread over 50 separate providers around the entire world. Needless to say, running a campaign of this scale without reusing network infrastructure is very time-consuming and expensive.

The high price of their infrastructure is not the only proof that the BAHAMUT APT is being sponsored by someone. Usually, experts would suspect a state-sponsored actor in a case like this, but the BAHAMUT APT does not appear to attack a specific set of political targets. Instead, their campaigns are all over the place. Their hacking attempts have targeted individuals and companies on all ends of the political spectrum, which is unusual for a state-sponsored threat actor.
