
Newly Uncovered 'Sowbug' Cyber-Espionage Group Stealing Diplomatic Secrets Since 2015

A previously unknown hacking and cyber-espionage group that has been in operation since at least 2015 has conducted a series of highly targeted attacks against a host of government organizations in South America and Southeast Asia to steal their sensitive data.

Codenamed Sowbug, the hacking group has been exposed by Symantec security researchers, who spotted the group conducting secret attacks against foreign policy institutions, government bodies and diplomatic targets in countries including Argentina, Brazil, Ecuador, Peru and Malaysia.

Symantec's analysis found that the Sowbug hacking group uses a piece of malware dubbed "Felismus" to launch its attacks and infiltrate its targets.

First identified in late March of this year, Felismus is a sophisticated, well-written remote access Trojan (RAT) with a modular structure that allows the backdoor to hide and/or extend its capabilities.

The malware allows malicious actors to take complete control of an infected system and, like most RATs, Felismus also allows attackers to communicate with a remote server, download files, and execute shell commands.

By analysing Felismus, researchers were able to connect previous attack campaigns with the Sowbug hacking group, indicating that it had been active since at least early 2015 and may have been operating even earlier.
"To date, Sowbug appears to be focused mainly on government entities in South America and Southeast Asia and has infiltrated organizations in Argentina, Brazil, Ecuador, Peru, Brunei and Malaysia," the Symantec report said.
"The group is well resourced, capable of infiltrating multiple targets simultaneously and will often operate outside the working hours of targeted organisations."
Although it is still unclear how the Sowbug hackers managed to gain a foothold in computer networks, evidence gathered by researchers suggested the hackers have made use of fake, malicious software updates for Windows or Adobe Reader.

The researchers also found that the group has used a tool known as Starloader to deploy additional malware and tools, such as credential dumpers and keyloggers, on victims' networks.

Symantec researchers have found evidence of Starloader files being spread as software updates titled AdobeUpdate.exe, AcrobatUpdate.exe and INTELUPDATE.EXE, among others.

Instead of compromising the software itself, Sowbug gives its hacking tools file names "similar to those used by software and places them in directory trees that could be mistaken for those used by the legitimate software."

This trick allows the hackers to hide in plain sight, "as their appearance is unlikely to arouse suspicion."

The Sowbug hackers took several measures to stay under the radar, carrying out their espionage operations outside of standard office hours so as to maintain their presence on targeted networks for months at a time.
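As an added illustration (not code from the article or from Symantec), the following Python sketch turns the two behaviours described above into detection logic: executables that borrow the update-style names quoted here but run from a directory a genuine vendor updater would not use, and launches that fall outside working hours. The sample process-creation events, the expected install paths and the 09:00-18:00 weekday window are constructed assumptions.

```python
"""Flag executables that reuse the lure names AdobeUpdate.exe, AcrobatUpdate.exe
and INTELUPDATE.EXE but run from an unexpected path, and flag off-hours launches.
Events, expected paths and the working-hours window are constructed assumptions."""
from datetime import datetime
from pathlib import PureWindowsPath

# Lure file names quoted in the Symantec findings (matched case-insensitively).
LURE_NAMES = {"adobeupdate.exe", "acrobatupdate.exe", "intelupdate.exe"}
# Directory prefixes where a genuine vendor updater would plausibly live (assumed).
EXPECTED_PREFIXES = (r"c:\program files\adobe", r"c:\program files (x86)\adobe",
                     r"c:\program files\intel", r"c:\program files (x86)\intel")
WORK_START, WORK_END = 9, 18  # assumed local working hours, 24h clock

# Constructed process-creation events: "<timestamp> <host> <image path>" (not real telemetry).
SAMPLE_EVENTS = [
    "2016-10-12T02:14:07 host-a C:\\ProgramData\\Adobe\\AdobeUpdate.exe",
    "2016-10-12T11:30:00 host-b C:\\Program Files\\Adobe\\AcrobatUpdate.exe",
    "2016-11-03T23:45:12 host-c C:\\Users\\Public\\Intel\\INTELUPDATE.EXE",
    "2016-11-04T10:05:00 host-d C:\\Windows\\System32\\svchost.exe",
]

def parse_event(line):
    ts, host, path = line.split(" ", 2)
    return datetime.fromisoformat(ts), host, path

def outside_working_hours(ts):
    # Weekend, or a weekday launch outside the assumed 09:00-18:00 window.
    return ts.weekday() >= 5 or not (WORK_START <= ts.hour < WORK_END)

def assess(line):
    """Return the list of reasons an event is suspicious ([] means nothing flagged)."""
    ts, host, path = parse_event(line)
    name = PureWindowsPath(path).name.lower()
    reasons = []
    if name in LURE_NAMES:
        if not path.lower().startswith(EXPECTED_PREFIXES):
            reasons.append(f"{name} launched from unexpected path {path}")
        if outside_working_hours(ts):
            reasons.append(f"{name} launched off-hours at {ts.isoformat()}")
    return reasons

def hunt(events=SAMPLE_EVENTS):
    """Map each host to its reasons; hosts with nothing flagged are omitted."""
    findings = {}
    for line in events:
        reasons = assess(line)
        if reasons:
            findings[parse_event(line)[1]] = reasons
    return findings
```

Running `hunt()` on the constructed events flags host-a and host-c on both counts and leaves the in-path, in-hours AcrobatUpdate.exe on host-b alone.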

In one instance, the hacking group remained undetected on the target's network for up to six months, between September 2016 and March 2017.

Besides the distribution method used for the Felismus malware in the Sowbug operation, the identity of the Sowbug attackers also remains unknown.