In March 2016, Symantec published a blog on Suckfly, an advanced cyberespionage group
that conducted attacks against a number of South Korean organizations
to steal digital certificates. Since then we have identified a number of
attacks over a two-year period, beginning in April 2014, which we
attribute to Suckfly. The attacks were aimed at high-profile targets,
including government and commercial organizations. These attacks
occurred in several different countries, but our investigation revealed
that the primary targets were individuals and organizations primarily
located in India.
While there have been several Suckfly campaigns that infected organizations with the group’s custom malware Backdoor.Nidiran,
the Indian targets show a greater amount of post-infection activity
than targets in other regions. This suggests that these attacks were
part of a planned operation against specific targets in India.
Campaign activity in India
The first known Suckfly campaign began in April of 2014. During our investigation of the campaign, we identified a number of global targets across several industries who were attacked in 2015. Many of the targets we identified were well-known commercial organizations located in India. These organizations included:
- One of India's largest financial organizations
- A large e-commerce company
- The e-commerce company's primary shipping vendor
- One of India's top five IT firms
- A United States healthcare provider's Indian business unit
- Two government organizations