Back to Blog

Newly Uncovered ‘SowBug’ Cyber-Espionage Group Stealing Diplomatic Secrets Since 2015

November 8, 2017

By: Sikur

Capturar

Mohit Kumar

November 07, 2017

A previously unknown hacking and cyber-espionage group that has been in operation since at least 2015 have conducted a series of highly targeted attacks against a host of government organizations in South America and Southeast Asia to steal their sensitive data.

Codenamed Sowbug, the hacking group has been exposed by Symantec security researchers, who spotted the group conducting clandestine attacks against foreign policy institutions, government bodies and diplomatic targets in countries, including Argentina, Brazil, Ecuador, Peru and Malaysia.

Symantec analysis found that the Sowbug hacking group uses a piece of malware dubbed “Felismus” to launch its attacks and infiltrate their targets.

First identified in late March of this year, Felismus is a sophisticated, well-written piece of remote access Trojan (RAT) with a modular construction that allows the backdoor trojan to hide and or extend its capabilities.

The malware allows malicious actors to take complete control of an infected system and like most RATs, Felismus also allows attackers to communicate with a remote server, download files, and execute shell commands.

By analysing Felismus, researchers were able to connect previous attack campaigns with the Sowbug hacking group, indicating that it had been active since at least early-2015 and may have been operating even earlier.

“To date, Sowbug appears to be focused mainly on government entities in South America and Southeast Asia and has infiltrated organizations in Argentina, Brazil, Ecuador, Peru, Brunei and Malaysia,” the Symantec report said.

“The group is well resourced, capable of infiltrating multiple targets simultaneously and will often operate outside the working hours of targeted organisations.”

MORE: https://thehackernews.com/2017/11/sowbug-hacking-group.html

Contact us

Safety is essential to your decision making. We are sure that our team can clarify any doubts. After all, we understand security.

contact@sikur.com

Follow us

Try SIKUR





Contact Us
First Name*
Last Name*
E-mail*
Mobile Number*
Company*
Country*
Tell us what do you need* ?
Products: Hold CTRL+Click to add more than 1.* ?
Comments
I agree to the Privacy Policy and Terms of Service.