A group behind a sophisticated hackers-for-hire operation that has been targeting India among other South Asian countries, as well as some West Asian nations, has been uncovered by the Canadian cyber security company Blackberry.
Blackberry, based in Waterloo in Ontario province and once famous for its smartphones, published a 92-page report in which it dubbed the unnamed cyber espionage group “BAHAMUT: Hack-for-Hire Masters of Phishing, Fake News and Fake Apps”.
BlackBerry’s research and intelligence team linked the “cyber espionage threat group to a staggering number of ongoing attacks against government officials and industry titans, while also unveiling the group’s vast network of disinformation assets aimed at furthering particular political causes and hampering NGOs”, according to a statement from the company that accompanied the report.
The shadowy group ran fake news websites and harmful smartphone apps, according to Blackberry. “The sophistication and sheer scope of malicious activity that our team was able to link to BAHAMUT is staggering,” said Eric Milam, vice-president, research operations at BlackBerry.
Blackberry said in its report that what “emerged from the past research was clustered targeting around two primary areas: South Asia (particularly India and Pakistan), and the Middle East (particularly the UAE and Qatar)”.
Some of the activities of the group may have been aimed at bringing down the digital presence of separatist groups such as Sikhs for Justice (SFJ), and those engaged in terror activities in Kashmir, such as Jamaat-ul-Islami and Jaish-e-Mohammad.
In its South Asia operations, Blackberry said, the “phishing targets are focused on individuals of greater importance in private industry, in contrast to the heavy government-themed phishing in the Gulf”.
It added that it did “not find any Indian government agencies or individuals among its current target sets”.
According to a Reuters report based on Blackberry’s findings, Reliance was among the Indian companies targeted, as the group attempted to compromise an employee there “around the time that the company was negotiating the sale of a stake in its oil-to-chemicals business to Saudi Aramco”.
Reuters said Apple and Google removed several of the apps mentioned in the report. Among them were one called Doctor Health, which was first released in India and accessed location information and health data, and a password app that not only saved credentials for accessing email but could also hack into accounts.
Gurpatwant Pannun, legal counsel for the SFJ, one of the targets of the shadowy group, said, “We have been the subject of cyber attacks, on an individual as well as group level, since the July 4 launch of Referendum Voter Registration for people living in Punjab.”
Blackberry said the “range of tools, tactics and targets suggest the group is well-funded, well-resourced and well-versed in security research”.