Smoke and Mirrors – Hack-for-Hire Group Builds Fake Online Empire
Hack-for-hire group BAHAMUT managed to build a fake online empire to leverage in cyber-espionage operations targeting the Middle East and other regions around the world, BlackBerry reports.
"BlackBerry assesses that the InPage zero-day exploit first identified by Kaspersky in 2016 and given CVE-2017-12824 but never attributed, was in fact used by BAHAMUT. We also assess that it was first developed by a Chinese threat group in 2009 for use in targeting a group in diaspora perceived to be a potential threat to the power of the Chinese Communist Party," BlackBerry notes in a new report.
The group is also believed to reuse tools from other groups and to mimic their tradecraft in order to hinder attribution.
It is further believed to have access to at least one zero-day developer and to be operating over a dozen malicious apps for Android and iOS. Some of these apps were previously mentioned by Trend Micro in a report on Urpage.
"For a group that historically set themselves apart by employing above-average operational security and extremely skilled technical capabilities, BAHAMUT operators are, at the end of the day, still human. While their mistakes have been few, they have also proven devastating. BlackBerry found that the idiom "old habits die hard" applies to even the most advanced of threat groups," BlackBerry concludes.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-11-08 | CVE-2017-12824 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Inpage Special crafted InPage document leads to arbitrary code execution in InPage reader. | 7.8 |