Sophisticated Mercenary Group Excels at Social Engineering

An extremely skilled group of hackers-for-hire dubbed “Bahamut” is using sophisticated social engineering tactics against a range of targets around the world, researchers at BlackBerry have found. The group has refined its tactics over time, and it adapts every time a security firm publishes research on its activities.

“BlackBerry assesses that BAHAMUT’s phishing and credential harvesting tradecraft is significantly better than the majority of other publicly known APT groups,” BlackBerry says. “This is principally due to the group’s speed, their dedication to single-use and highly compartmentalized infrastructure, and their ability to adapt and change, particularly when their phishing tools are exposed.”

The group now uses a streamlined framework for phishing that makes it very difficult to block these attacks.

“While monitoring BAHAMUT’s operations over the past year, BlackBerry watched new phishing infrastructure spring up weekly,” the researchers write. “Just as other researchers previously observed, many of these highly targeted spear-phishing operations lasted anywhere from a few hours to a few months, depending on the domain and success rates. This embrace of ever-fleeting infrastructure makes real-time detection all but impossible. Catching a window that is open only for a few hours on infrastructure that is constantly changing requires resources and luck that few network defenders, much less individual targets, could ever hope to possess.”

The group also does extensive research on its targets, and in some cases has used fake social media profiles to build trust with its victims. Notably, the researchers found that the hackers often knew the target’s personal email address, and avoided sending phishing emails to the victim’s corporate or government address.

“Throughout our analysis of their phishing behavior, BlackBerry observed that BAHAMUT was generally in possession of a great deal of information about their targets prior to phishing them,” they write. “This was clearly the result of a concerted and robust reconnaissance operation.”

BlackBerry concludes that Bahamut’s patience, attention to detail, and commitment to operational security put the group far above most threat actors.

“In sum, BlackBerry finds BAHAMUT to be well above average in its social engineering,” the researchers write. “The group has truly impressive operational security that enables them to continue to attack despite numerous, repeated attempts to expose their operations.”

New-school security awareness training can help your employees defend themselves against targeted social engineering attacks.

BlackBerry has the story.
