Group behind cyber attacks identified

Symantec has identified a previously unknown group called Sowbug that has been conducting highly targeted cyber attacks against organizations in South America and Southeast Asia and appears to be heavily focused on foreign policy institutions and diplomatic targets.
Sowbug has been seen mounting classic espionage attacks by stealing documents from the organizations it infiltrates. 
Symantec saw the first evidence of Sowbug-related activity with the discovery in March 2017 of an entirely new piece of malware called Felismus used against a target in Southeast Asia. 
“We have subsequently identified further victims on both sides of the Pacific Ocean. While the Felismus tool was first identified in March of this year, its association with Sowbug was unknown until now. Symantec has also been able to connect earlier attack campaigns with Sowbug, demonstrating that it has been active since at least early-2015 and may have been operating even earlier,” the company said.
To date, Sowbug appears to be focused mainly on government entities in South America and Southeast Asia and has infiltrated organizations in Argentina, Brazil, Ecuador, Peru, Brunei and Malaysia.
The group is well resourced, capable of infiltrating multiple targets simultaneously and will often operate outside the working hours of targeted organizations in order to maintain a low profile. 
Some clues about the motivation and interests of the attackers can be found in their activities after compromising victims.
For example, in a 2015 attack on one South American foreign ministry, the group appeared to be searching for very specific information. 
The first evidence of its intrusion dated from May 6, 2015, but activity appeared to have begun in earnest on May 12. The attackers appeared to be interested in one division of the ministry that is responsible for relations with the Asia-Pacific region.
They attempted to extract all Word documents stored on a file server belonging to this division, bundling them into a RAR archive with the following command:
cmd.exe /c c:\windows\rar.exe a -m5 -r -ta20150511000000 -v3072 c:\recycler\[REDACTED].rar "\\[REDACTED]\*.docx" \\[REDACTED]\*.doc
Interestingly, the command specified that only files modified from May 11, 2015 onwards should be archived.
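
For defenders, the switches in that command are useful detection material. The Python below is an added example, not code from Symantec or from the original article: it parses process-creation command lines and reports which staging indicators of the kind seen in the command above are present. The function names, indicator labels, the cutoff of three indicators, and the sample lines (including the host name fs01) are assumptions made for illustration.

```python
import re

# Constructed process-creation command lines for illustration (not real logs).
SAMPLES = [
    r'cmd.exe /c c:\windows\rar.exe a -m5 -r -ta20150511000000 -v3072 '
    r'c:\recycler\x.rar "\\fs01\dept\*.docx" \\fs01\dept\*.doc',
    r'"C:\Program Files\WinRAR\rar.exe" a -m3 D:\backup\site.rar D:\www',
    r'rar.exe x c:\temp\update.rar c:\temp\out',
]

RAR_NAMES = {"rar", "rar.exe", "winrar.exe"}
STAGING_DIR = re.compile(r"^[a-z]:\\(recycler|\$recycle\.bin)\\", re.I)
UNC_DOC_GLOB = re.compile(r"^\\\\.+\\\*\.(docx?|xlsx?|pptx?|pdf)$", re.I)

def rar_staging_indicators(cmdline):
    """Return the staging indicators present in one RAR 'a' (add) command."""
    tokens = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    # Find the RAR binary; the token after it must be the 'a' command.
    idx = next((i for i, t in enumerate(tokens)
                if t.lower().rsplit("\\", 1)[-1] in RAR_NAMES), None)
    if idx is None or [t.lower() for t in tokens[idx + 1:idx + 2]] != ["a"]:
        return []
    args = tokens[idx + 2:]
    switches = [a.lower() for a in args if a.startswith("-")]
    paths = [a for a in args if not a.startswith("-")]
    found = []
    if any(re.fullmatch(r"-ta\d{8,14}", s) for s in switches):
        found.append("time_filter")      # -ta: only files modified after a date
    if any(re.fullmatch(r"-v\d+[a-z]?", s) for s in switches):
        found.append("volumes")          # -v: split the archive into volumes
    if "-r" in switches:
        found.append("recursive")        # -r: recurse into subdirectories
    if paths and STAGING_DIR.match(paths[0]):
        found.append("staging_dir")      # archive written under a recycler path
    if any(UNC_DOC_GLOB.match(p) for p in paths[1:]):
        found.append("unc_doc_glob")     # document wildcard on a network share
    return found

def is_suspicious(cmdline, threshold=3):
    """Flag a command line that combines several indicators (assumed cutoff)."""
    return len(rar_staging_indicators(cmdline)) >= threshold

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_suspicious(line), rar_staging_indicators(line))
```

An ordinary backup job such as the second sample matches none of the indicators, which is why the check scores the combination rather than the mere presence of rar.exe.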

Unit 102, 1020 Bel-Air apartment, Roxas Blvd, Ermita, Manila Copyright 2000-2017 All rights reserved, The Daily Tribune Publishing Inc.