A new joint report by DOS-OP and the Alma Research and Education Center describes the BQT.Lock (BaqiyatLock) ransomware group as an offensive cyber arm of the Hezbollah terrorist group, not a purely criminal outfit.
The authors say the group shows a direct and systematic affiliation with Hezbollah and the Iranian cyber apparatus.
According to the Nov. 23 report, BQT.Lock is operated by Karim Fayad, whom the report’s authors identify as a Lebanese computer engineering student who leads the group while maintaining a “double life.” They say he is active in civilian academic and professional roles while simultaneously running cyber operations for the Iranian terror proxy.
The report characterizes BQT.Lock as a ransomware-as-a-service operation that has attacked multiple targets worldwide and stolen sensitive data. Its main targets include Israel, the United States, Saudi Arabia, India, the United Arab Emirates and Lebanon.
Alma links the operation ideologically to Hezbollah, noting that the name “Baqiyat/BaqiyatLock” is derived from a Shi’ite religious concept associated with Hezbollah and Iranian narratives.
