Weak Technical commonality found between Bahamut APT and DoNot APT

In today's world, cyber espionage has become an important tool for every nation. Researchers keep working to uncover and document Advanced Persistent Threat (APT) activity in order to establish who is behind a given cyber attack.

Bahamut APT — Cyfirma

Recently, the Bangalore-based cybersecurity company Cyfirma detected a cyber attack on an intelligence operative in India and published a report titled "APT Bahamut Attacks Indian Intelligence Operative using Android Malware". The threat actor is known for conducting cyber espionage operations in the Middle East and South Asia.

The attacker asked the victim to download an app in order to share a file in encrypted form. The threat actor kept the engagement going for several days and then took advantage of the trust it had earned to get the victim to install the app. However, the attack was detected in time and dismantled before it could cause any damage.

Cyfirma researchers analysed a file sample named "SafeShare.apk". This is the first time researchers have observed Bahamut using a fake secure file-sharing app as part of a targeted social engineering attack.


The DoNot Team (a.k.a. APT-C-35) is an advanced persistent threat actor that has been active since at least 2016. It has carried out many attacks against individuals and organizations in South Asia. DoNot is reported to be the main developer and user of its own Windows and Android spyware frameworks.

The group's targets include countries in South Asia, in particular the state sector of Pakistan. In 2019, it was also seen targeting Bangladesh, Thailand, Sri Lanka and the Philippines, and, outside Asia, places such as Argentina, the United Arab Emirates and Great Britain.

According to the report
