Attack attribution is one of the most difficult aspects of malware research and it’s not uncommon for different security companies to attribute attack campaigns to different threat actors only to later discover that they were the work of the same group. However, a new paper by researchers at Blackberry stands out by exposing an elusive group dubbed Bahamut as responsible for a spider web of carefully constructed and carried out phishing and malware attacks.

The group’s hacking activities trace back to at least 2016, involve malware for Windows, macOS, iOS and Android. They have impacted a diverse range of individuals, including government officials, separatists and human rights activists from several countries.