Bahamut mercenaries described. US seizes Iranian disinfo domain names. Phishbait from news. Russia says it doesn’t meddle.

BlackBerry yesterday published its research into the activities of Bahamut, an unusually sophisticated and patient cybermercenary group. Its customers (or “true sponsors” as BlackBerry calls them) remain unknown. Bahamut engages in cyberespionage and disinformation, and its operations are marked by extensive reconnaissance, concentration on particular targets, and attention to detail. It prefers phishing to malware, but it shows unusual savvy with respect to zero-days when it decides to deploy them. The group is most active in the Middle East and South Asia.

BlackBerry sees Bahamut as a leading example of the outsourcing of cyberespionage and disinformation, attractive not only for its capabilities, but also for the deniability it brings. Bellingcat began to take notice of Bahamut in 2017, so the group is not a new one. CyberScoop, in its account of BlackBerry’s research, offers a review of other mercenary actors.

The US Justice Department last night announced the seizure of ninety-two domain names that Iran’s Islamic Revolutionary Guard Corps had been using in global disinformation campaigns. The domains were used to create fake personae misrepresenting themselves as…
