Bahamut

Threat Actor updated a month ago (2024-11-29T14:07:41.659Z)
Bahamut is a threat actor group known for its sophisticated cyber-espionage operations, targeting primarily South Asia. Meta's Adversarial Threat Report from the first quarter of 2023 identified Bahamut as one of three major groups involved in cyber espionage operations in the region, alongside Patchwork APT and a state-linked group in Pakistan. The company took action against these entities, removing approximately 110 accounts on Facebook and Instagram linked to Bahamut that were targeting individuals in Pakistan and India, including the Kashmir region. In addition, Bahamut has been known to use fake VPN apps for Android containing extensive spyware functionality, further highlighting their advanced tactics.

In August 2023, new social engineering attacks by Bahamut were reported involving a fraudulent Android chat app called SafeChat. This application was used to facilitate a version of the CoverIm spyware aimed at exfiltrating mobile device data, according to BleepingComputer. The attack was attributed to Bahamut with a fair degree of confidence, although there were noted similarities in tactics to the advanced persistent threat group DoNot, believed to be linked to the Indian Government. These incidents underscore Bahamut's capacity for complex and targeted cyberattacks.

Interestingly, while Bahamut's activities have mainly been traced back to South Asia, there are indications of links to China as well. A London-based operation creating fake personas impersonating US and EU companies and institutions, which later published negative commentary about Uyghur activists and critics of the Chinese state, was linked to individuals in China associated with Xi’an Tainwendian Network Technology. Despite the efforts of the actual operators to conceal their identities, this connection suggests that Bahamut may have a broader geographical reach and more diverse targets than initially assumed.
Description last updated: 2024-03-28T08:16:29.699Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
APT
Facebook
Meta
Spyware
Android
VPN
Malware
Source Document References
Information about the Bahamut Threat Actor was read from the documents corpus below.
Source | Created
DARKReading | 9 months ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | a year ago
CERT-EU | 2 years ago
ESET | 2 years ago
ESET | 2 years ago
DARKReading | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago
CERT-EU | 2 years ago