Hacker group is running rampant across the Middle East

Saudi diplomats, Sikh separatists and Indian company executives are among those targeted by a group of hired hackers, according to research published by BlackBerry Corp.

The analysis of the group, known publicly as Bahamut, the name of a mythical sea monster of Arab lore, highlights how cybersecurity researchers are increasingly finding evidence of mercenaries online.

BlackBerry’s VP of research, Eric Milam, stated the diversity of Bahamut’s actions was such that he presumed it was working for a range of different clients.

“There’s too many different things going on across too many different ranges and too many different verticals that it would be a single state,” Milam said before the report’s release.

Back in June, journalists at our content partners Reuters reported how an obscure Indian IT company called BellTroX provided its hacking services to help clients spy on more than 10,000 email accounts over seven years, including targeting prominent US-based investors.

BlackBerry – which absorbed antivirus company Cylance in 2019 – stitched together digital clues left by other investigators over the years to build a picture of a sophisticated group of hackers. BlackBerry also connected the group to mobile phone applications in the Apple and Google app stores. These apps, which included a fitness tracker and a password manager, may have helped the hackers monitor their targets, the report stated.

A Google spokesman said all the apps in the Google Play Store mentioned in the report had been removed. Apple stated two of those seven apps were no longer in its App Store and that it wasn’t supplied with enough information regarding the remaining programs to gauge whether they were malicious.

Milam declined to comment about who he believed could be behind Bahamut, but he stated he hoped that the report would help to sharpen the focus on hackers-for-hire.

Taha Karim, the CEO of Emirati cybersecurity firm tephracore – which wasn’t involved in BlackBerry’s study but examined the report ahead of publication – said the findings were credible and “they found links that aren’t obvious.”

BlackBerry did not name any of Bahamut’s targets directly, but researchers have publicly identified Middle Eastern human rights activists, Pakistani army officials, and Gulf Arab businessmen as being in the group’s crosshairs. Journalists at Reuters were also able to identify new targets by cross-referencing data published in BlackBerry’s report with boobytrapped webpages archived by urlscan.io, a cybersecurity tool.

One heavily targeted organization was the New York-based Sikhs for Justice, a separatist group that is campaigning for an independent homeland for Sikhs in India. Its creator, Gurpatwant Singh Pannun, said his campaign websites have been repeatedly hacked and his emails broken into.

Others pursued by the hackers included the United Arab Emirates’ Ministry of Defense, its Supreme Council for National Security, and Shaima Gargash, the Emirates’ Number 2 diplomat in Washington DC.

In an email, Gargash said the embassy had no opinion.

Saudi officials were targeted by the hackers. Cached phishing pages archived by services like urlscan and examined by Reuters revealed that the cyber spies targeted Mawthouq, the Saudi government’s email support, half a dozen Saudi government ministries, along with the Saudi Centre for International Strategic Partnerships, a Riyadh-based body aimed at helping coordinate the petrostate’s foreign policy.

The hackers pursued royals and business executives in Bahrain, Kuwait, and Qatar. In August 2019 they tried to undermine an employee of important Indian energy conglomerate Reliance Industries around the time that the company was negotiating the sale of a stake in its oil-to-chemicals business to Saudi Aramco.

Reliance did not return repeated messages. Efforts to reach the hackers were unsuccessful.

The team at Platform Executive hope you have enjoyed this news article. Initial reporting via our official content partners at Thomson Reuters. Reporting by Raphael Satter and Christopher Bing in Washington. Editing by Grant McCool and Marguerita Choy.
