The Bahamut Advanced Persistent Threat (APT) group is currently conducting an active campaign against Android users. As in earlier operations attributed to the group, the campaign distributes Android spyware apps through websites that impersonate legitimate services. Bahamut primarily targets entities and individuals in the Middle East and South Asia, using spearphishing messages and fake applications as its initial attack vector.
ESET researchers have identified links to individuals in China associated with Xi’an Tainwendian Network Technology, an information technology company, despite the operators' attempts to conceal their identities. The group has been found creating fake personas that mimic companies and institutions in the U.S. and EU; these personas initially post content in keeping with the entity they impersonate before switching to negative commentary about Uyghur activists and critics of the Chinese state.
In May 2023, Meta released its quarterly adversarial threat report, which described three separate cyber-espionage campaigns linked to the Bahamut APT, the Patchwork APT, and an unnamed Pakistan-based threat actor. As part of its countermeasures, Meta disrupted nearly 110 Facebook and Instagram accounts that Bahamut APT used in Android malware attacks against Indian and Pakistani government workers, military personnel, and activists. The report underscores the ongoing threat posed by Bahamut APT and the need for continued vigilance against social-media-delivered mobile malware.
Description last updated: 2024-05-04T17:46:46.706Z