A new joint report by DOS-OP and the Alma Research and Education Center describes the BQT.Lock (BaqiyatLock) ransomware group as an offensive cyber arm of the Hezbollah terrorist group, not a purely criminal outfit.

The authors say the group shows a direct and systematic affiliation with Hezbollah and the Iranian cyber apparatus.

According to the Nov. 23 report, BQT.Lock is operated by Karim Fayad, whom the report’s authors identify as a Lebanese computer engineering student who leads the group while maintaining a “double life.” They say he is active in civilian academic and professional roles while simultaneously running cyber operations for the Iranian terror proxy.

The report characterizes BQT.Lock as a ransomware -as-a-service operation that has attacked multiple targets wor

See Full Page