Cybersecurity researchers at BlackBerry say cybercrime-as-a-service schemes have captured the attention of nation states with active hacking operations, who now have the option to hire cybercriminals to carry out attacks such as phishing, malware or breaching networks for money, ZDNet
“The emergence, sophistication, and anonymity of crimeware-as-a-service means that nation states can mask their efforts behind third-party contractors and an almost impenetrable wall of plausible deniability,” according to the BlackBerry 2021 Threat Report.
The Bahamut hacking campaign, which targeted governments, private industry and individuals for several years through operations including phishing, social engineering and zero-day attacks, serves as an example of the level of sophistication cybercriminals can attain in their attacks, Blackberry researchers said. They pointed out that the Bahamut hackers likely picked their targets based on profit and worked for various clients.
Bahamut is currently still active with campaigns against government agencies across the Middle East and has also been active in South Asia, mostly using smartphone-based attacks, the researchers said.