BlackBerry Uncovers Massive Hack-For-Hire Group Targeting Governments, Businesses, Human Rights Groups and Influential Individuals

BlackBerry Limited (NYSE: BB; TSX: BB) today released new research highlighting the true reach and sophistication of one of the most elusive, patient, and effective publicly known threat actors, BAHAMUT. In the report, BlackBerry researchers link the cyberespionage threat group to a staggering number of ongoing attacks against government officials and industry titans, while also unveiling the group's vast network of disinformation assets aimed at furthering particular political causes and hampering NGOs.

The report, BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News, and Fake Apps, provides new insights into the group, and shows how it deployed a vast array of sophisticated disinformation campaigns. BlackBerry's Research & Intelligence Team found that BAHAMUT currently presides over a significant number of fake news entities – ranging from fraudulent social media personas to the development of entire news websites built to include disinformation – to both further certain causes and to gain information on high value targets.

"The sophistication and sheer scope of malicious activity that our team was able to link to BAHAMUT is staggering," said Eric Milam, VP, Research Operations at BlackBerry. "Not only is the group responsible for a variety of unsolved cases that have plagued researchers for years, but we also discovered that BAHAMUT is behind a number of extremely targeted and elaborate phishing and credential harvesting campaigns, hundreds of new Windows malware samples, use of zero-day exploits, anti-forensic/AV evasion tactics, and more."

The report also highlights increased targeting on mobile devices and how the group has published over a dozen applications in the Google Play and the Apple iOS App Stores, as well as the highly patient approach BAHAMUT takes in compromising their targets. Importantly, despite the range of targets and attacks, the lack of discernable pattern or unifying motive moved BlackBerry to confirm the group is likely acting as Hack-for-Hire mercenaries.

"This is an unusual group in that their operational security is well above average, making them hard to pin down," Milam added. "They rely on malware as a last resort, are highly adept at phishing, tend to aim for mobile phones of specific individuals as a way into an organization, show an exceptional attention to detail and above all are patient – they have been known to watch their targets and wait for a year or more in some cases."

Building a Fake News Empire

Perhaps the most distinctive aspect of BAHAMUT's tradecraft that BlackBerry discovered is the group's use of original, painstakingly crafted websites, applications and personas. In at least one example, the group took over the domain of what was originally an information security news website and began pushing out content focused on geopolitics, research, industry news about other hack-for-hire groups, and a list of "contributors" that were fake – but which used the names and photos of real journalists (including local U.S. news anchors) to appear legitimate. In some cases, the 'news' outlets BAHAMUT created were also accompanied by social media accounts and other websites to present a veneer of legitimacy.

Malicious Mobile Applications: More Than Meets The Eye

The report uncovered nine malicious iOS applications available in the Apple App Store and an assortment of Android applications that are directly attributable to BAHAMUT based on configuration and unique network service fingerprints presented. The applications were complete with well-designed websites, privacy policies and written terms of service – often overlooked by threat actors – which helped them bypass safeguards put in place by both Google and Apple.

Those investigated by BlackBerry were determined to be intended for targets in the UAE as downloads were region-locked to the Emirates. Additionally, Ramadan-themed applications as well as those that invoked the Sikh separatist movement indicate that BAHAMUT had intent to target specific religious and political groups.

Additional Key Findings in the BAHAMUT Threat Report

Named by researchers for the open-source intelligence site Bellingcat, BAHAMUT leverages publicly available tools, imitates other threat groups and changes its tactics frequently, which has made attribution difficult in the past. However, BlackBerry reports with high confidence that the threat group is behind exploits researched by over 20 different security companies and nonprofits under the names EHDEVEL, WINDSHIFT, URPAGE, THE WHITE COMPANY, and most significantly, the unnamed threat group in Kaspersky's 2016 "InPage zero-day" research.

The report also made other significant observations regarding BAHAMUT, including:

  • At least one zero-day developer reflects a skill-level beyond most other known threat actor groups today
  • Use of phishing and credential harvesting is aimed at very precise targets, and concerted and robust reconnaissance operations are conducted on targets prior to attack
  • Clustered targeting in South Asia and the Middle East lends credence to a "hacker for hire" operation
  • A range of tools, tactics and targets suggests the group is well-funded, well-resourced and well-versed in security research

BlackBerry endeavored to notify as many of the individual, governmental and corporate/nonprofit targets as possible prior to the publication of the report.

To learn more and download a copy of the report, visit www.blackberry.com/bahamut-report.

About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 175M cars on the road today. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety and data privacy solutions, and is a leader in the areas of endpoint security management, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere.

For more information, visit BlackBerry.com and follow @BlackBerry.

Media Contact:
BlackBerry Media Relations
(519) 597-7273
mediarelations@BlackBerry.com

View original content to download multimedia: https://www.prnewswire.com/news-releases/blackberry-uncovers-massive-hack-for-hire-group-targeting-governments-businesses-human-rights-groups-and-influential-individuals-301147490.html

SOURCE BlackBerry Limited

News Provided by PR Newswire via QuoteMedia
