World's largest 'hack-for-hire' group is executing the most sophisticated phishing scams yet

New research into the world’s largest hack-for-hire group, BAHAMUT, has revealed a depth of sophistication never before seen - especially when it comes to phishing attacks.

According to researchers at BlackBerry, the hacking syndicate’s elaborate phishing campaigns are “second to none” in terms of scope, personalization and research.

The group has been seen to mimic government agency login pages, private emails and trusted applications. It is also said to have gone to the lengths of developing bespoke content for specific individuals and whole websites to detect click patterns in support of its phishing efforts.

Using its fearsome armory of tools, BAHAMUT has launched a “staggering” number of attacks against both government bodies and high-profile businesses worldwide, according to BlackBerry.

Phishing attacks and more

The work of BAHAMUT, however, extends far beyond its sophisticated phishing campaigns, say the researchers, who have spent the last year investigating the organization.

“The sophistication and sheer scope of malicious activity that our team was able to link to BAHAMUT is staggering,” explained Eric Milam, VP of Research Operations at BlackBerry.

“Not only is this group responsible for a variety of unsolved cases that have plagued researchers for years, but we also discovered that BAHAMUT is behind hundreds of new Windows malware samples, uses of zero-day exploits, anti-forensic/antivirus evasion tactics and more.”

The group is also said to operate a vast network of disinformation assets - ranging from fake social media personas to entire news websites - designed to facilitate attacks on certain targets and support specific political agendas.

Unfortunately for those tasked with tracking the group down, BAHAMUT is also highly adept at covering its tracks - and the tracks of those that purchase its services.

“This is an unusual group in that its operational security is well above average, making them hard to pin down,” added Milam.

“They rely on malware as a last resort, show exceptional attention to detail and, above all, are patient - they have been known to watch targets for a year or more in some cases.”

Although large enterprises and political organizations are BAHAMUT’s primary targets, small businesses and consumers should also take steps to protect against cyberattacks.

To shield against phishing attacks, it’s important to scrutinize emails for abnormalities that might identify a scam and cross-check landing page URLs with known addresses before entering account or payment information.

Businesses, for their part, should ensure employees undertake appropriate security awareness training and back this up with strict email filters, antivirus software and sophisticated identity management solutions.