(Reuters) – Saudi diplomats, Sikh separatists and Indian business leaders have been among those targeted by a group of hired hackers, according to research published on Wednesday by mobile company BlackBerry Corp.
The report on the group, publicly known as Bahamut, the name given to the mythical sea monster in Arab history, sheds light on how cybersecurity researchers are increasingly finding evidence of mercenaries online.
BlackBerry's vice president of research, Eric Milam, said the diversity of Bahamut's activities was such that he assumed it worked for a variety of customers.
"There are too many different things happening over too many different areas and too many different verticals that there would be a single state," Mr. Milam said before the report was released.
In June, Reuters reported on how an obscure Indian IT company called BellTroX offered its hacking services to help clients spy on more than 1
BlackBerry – which absorbed the antivirus company Cylance in 2019 – stitched together digital clues provided by other researchers over the years to build a picture of a sophisticated group of hackers. BlackBerry also connected the group to mobile applications in Apple's and Google's app stores. These apps, which included a fitness tracker and a password manager, may have helped the hackers track their targets, the report said.
Apple declined to comment on the post. However, two of the apps flagged by BlackBerry are no longer available in the Apple App Store. A Google spokesman said all apps in the Google Play Store mentioned in the report had been removed.
Mr. Milam declined to comment on who he thought might be behind Bahamut, but said he hoped the report would help sharpen the focus on hackers for hire. Taha Karim, CEO of Emirati cybersecurity company tephracore – who was not involved in BlackBerry's research but reviewed the report before publication – said the results were credible and "the links found are not obvious."
BlackBerry did not name any of Bahamut's targets directly, but researchers have previously publicly identified human rights activists in the Middle East, Pakistani military officials and Gulf Arab businessmen as being in the group's crosshairs. goals by cross-referencing data published in BlackBerry's report using boobytrapped web pages maintained by urlscan.io, a cybersecurity tool. for Sikhs in India. Its founder, Gurpatwant Singh Pannun, said that his campaign website tser has been hacked repeatedly and his emails have been hacked.
Others targeted by the hackers included the United Arab Emirates' Ministry of Defense, its Supreme Council for National Security, and Shaima Gargash, the United States' No. 2 diplomat in Washington.
In an email, Ms. Gargash said the embassy had no comment.
Saudi officials were also targeted by the hackers. Cached phishing sites maintained by the urlscan service and reviewed by Reuters showed that the cyber spies targeted Mawthouq, the Saudi government's e-mail service, half a dozen Saudi government ministries and the Saudi Center for International Strategic Partnerships, a Riyadh-based body intended to help coordinate petroleum foreign policy.
The Saudi Embassy in Washington did not respond to a request for comment.
The hackers targeted royalty and business leaders in Bahrain, Kuwait and Qatar. In August 2019, they tried to compromise an employee of major Indian energy conglomerate Reliance Industries around the time the company negotiated the sale of a stake in its oil-to-chemicals business to Saudi Arabia.
Reliance did not return repeated messages. Attempts to reach the hackers failed.