MANAMA: A new cyber threat group that has crippled scores of businesses across South Asia is now looking to target government and industry in the Middle East, an expert has warned.
Bahrain-based Artificial Intelligence (AI) Society president Dr Jassim Haji told the GDN that the group known as Bahamut is likely acting as a hack-for-hire operator.
According to Dr Haji, research has shown no discernible pattern or unifying motive across the group's range of targets and attacks.
It is believed the group has access to one zero-day developer and has leveraged zero-day exploits against multiple targets, “reflecting a skill-level well beyond most other known threat actor groups.”
Experts define a zero-day vulnerability as a computer-software weakness that is unknown to those who should be interested in fixing it.
Warning users in Bahrain, Dr Haji said that in addition to malware and social engineering, Bahamut also uses malicious mobile applications on both iOS and Android.
“Hence, we should understand that the apps came with official-looking websites and privacy policies, helping them look legitimate to both users and app stores.”
In each case, the apps were custom-designed to appeal to certain groups and users of a certain language, he added.
While attribution is difficult, BlackBerry believes Bahamut is located close to the regions in which it operates and targets people, businesses and public sector agencies.
Tactics used include phishing and credential harvesting aimed at precise targets, on the back of a robust reconnaissance operation.
Phishing attempts designed to spoof public sector agency logins, private email accounts, and account portals from Microsoft Live, Gmail, Apple ID, Yahoo!, Twitter, Facebook, Telegram, OneDrive, and ProtonMail have been identified.
The spear-phishing operations ranged from a few hours to multiple months, depending on their success rates, and this rate of change makes real-time detection “all but impossible”, warned Dr Haji.
Bahamut often uses publicly available malware, further impeding attribution efforts.
The attacks in the Middle East take a broader approach with malicious mobile apps, which researchers say appear to be designed for general audiences.
Experts have so far discovered nine malicious iOS applications and several Android apps that they attribute to the group based on configuration and unique network service fingerprints.